What to do about Sandworm and MS14-058

Don't look out the Window(s)

Microsoft recently issued two patches it considers critical to the security of all Windows computers: PCs and Web servers alike. We’re going to get the “What do I need to do for my website?” questions right away; you can jump to the DETAILS section to learn more about the Sandworm and MS14-058 vulnerabilities.

VPS/Dedicated Server Customers

Managed Hosting/Assisted Service Plan customers don’t need to do anything; we’re taking care of everything for you.

If you have a Windows-based server with us that we don’t manage, you should make sure your server is patched immediately. Most customers don’t need to do anything because they use Windows’ automatic update feature, but we have the instructions to manually run the update here.

Alternatively, you can also manually apply the patch using Microsoft’s instructions here.

Shared Hosting Customers

We’re handling everything and you’re probably already secure.

DETAILS

OK, so what are these vulnerabilities?

Sandworm affects Windows-based computers and can lead to compromises if users open infected Office files.

MS14-058 affects Windows-based computers and can lead to compromises if users get coerced into clicking links that lead to malicious websites.

What should I do for my personal computer?

Protect yourself against the vulnerabilities by patching all of your Windows-based devices. Keeping your computers updated is something you should always do. Even if the updates interrupt watching a marathon of The Wire.

You should also be leery of visiting websites people send you links to, especially if it seems even remotely suspicious. We’re not saying your friends aren’t trustworthy, but their accounts can get hacked and leveraged against their friends (e.g. you).

What’s GoDaddy doing?

We’re in the process of patching all of our Windows-based servers. This includes all of our shared hosting customers, as well as Managed Hosting and Assisted Service Plan customers.


Also published on Medium.

Image by: SgtOneill via Compfight cc

Sean Loiselle
Sean Loiselle is a senior technical writer in NYC who focuses on open source enterprise software. When he's not neck-deep in SQL, he takes in the city's museums, music, theater, and performance art spots.