Identified - Synopsis:

The May Windows updates released by Microsoft on 10th May 2022 include an update which addresses two known vulnerabilities (CVE-2022-26931 and CVE-2022-26923). It has come to light that this update causes various issues with authentication protocols. Microsoft have confirmed that service impact is limited to servers running in the Domain Controller role.

Nature of the issue:

Microsoft have advised the following:

After installing updates released May 10, 2022 on your domain controllers, you might see authentication failures on the server or client for services such as Network Policy Server (NPS), Routing and Remote Access Service (RRAS), RADIUS, Extensible Authentication Protocol (EAP), and Protected Extensible Authentication Protocol (PEAP).

Impacted Systems:

Windows Server 2012 R2
Windows Server 2012
Windows Server 2008 R2 Enterprise ESU
Windows Server 2008 R2 Standard ESU
Windows Server 2008 R2 Datacenter ESU
Windows Server 2008 Service Pack 2
Windows Server 2016, all editions
Windows Server, version 20H2, all editions
Windows Server 2022
Windows Server 2019

Remediation Advice:

Pulsant would recommend that clients proceed with patching end user devices as normal. Servers not running in the Domain Controller role can also be patched at this time.

For servers running in the Domain Controller role, Pulsant would recommend that clients postpone their normal patching routine for a period of at least 14 days in the expectation that Microsoft will release an emergency update which addresses this issue. However, clients should balance this advice against their own risk posture in relation to the various critical and high vulnerabilities which are covered by the May release, including the following:

CVE-2022-26925
CVE-2022-22713
CVE-2022-29972

Pulsant are currently working with our Cyber Security team to assess how best to approach our normal cycle of automated and manual patching for the May release.

External Links:

https://docs.microsoft.com/en-us/windows/release-health/status-windows-server-2022#2826msgdesc
https://www.bleepingcomputer.com/news/microsoft/microsoft-may-windows-updates-cause-ad-authentication-failures/
https://www.tenable.com/blog/microsofts-may-2022-patch-tuesday-addresses-73-cves-cve-2022-26925

May 13, 13:30 BST
Update - Due to the escalations within Ukraine, Pulsant's Cyber Security team have taken additional measures to review a common set of CVEs (common vulnerabilities and exposures) that have been known to be exploited by Russian state-sponsored APT (advanced persistent threat) actors for initial access. This review has covered all our internal assets and, where possible, client assets (covered by appropriate services within Alert Logic); both searches have produced no results.

Pulsant continue to engage and monitor threat intelligence feeds for updates, including NCSC (UK National Cyber Security Centre). Their advice on appropriate counter-measures remains our existing stance, which is to routinely assess the effectiveness of our cyber controls, regardless of the threat.

Not all clients consume Pulsant Protect solutions. If you as a client manage your own security, we would advise you to follow NCSC guidance or seek further advice from Pulsant on where we can assist further.

Feb 24, 17:19 GMT
Monitoring - We continue to monitor this situation carefully and will update clients if threat levels change.
Feb 2, 16:32 GMT
Investigating - As a result of tensions in Ukraine, NCSC have flagged a potentially elevated cyber threat but also state that they are not aware of any specific threat to UK organisations at this time.

General advice from NCSC reflects our normal approach to cyber threats (regardless of their origin) in that we maintain and routinely measure the effectiveness of appropriate countermeasures to reduce our exposure to cyber-attacks. Good cyber security relies upon ensuring that mitigations and detective controls continue to perform as expected and that we have the capability and capacity to respond quickly to security incidents if or when they occur.

Pulsant as an organisation has robust and effective policy, governance and technical controls that ensure we patch our systems regularly, maintain strong access controls (incl. multi-factor authentication), perform regular system and network infrastructure monitoring, and maintain effective incident management and response. Pulsant also keep abreast of evolving threats and will take extraordinary measures where necessary.

Not all clients consume Pulsant Protect solutions. If you as a client manage your own security, we would advise you to follow NCSC guidance or seek further advice from Pulsant on where we can assist further.

Feb 2, 16:32 GMT

About This Site

We are the UK’s leading colocation and cloud infrastructure provider.

We provide colocation and cloud infrastructure services from our 10 regional data centres, including integration and management of public cloud, with a core focus on availability, security and connectivity.
