Archive for the ‘SQL’ category

Extended Events – Security Issue – SQL Server 2019, 2017, 2016, 2014

January 13th, 2021

Microsoft has fixed vulnerabilities in Extended Events that “may cause code to run against the SQL Server process if a certain extended event is enabled.”

– KB 4583468: https://support.microsoft.com/en-us/help/4583468/kb4583468-microsoft-sql-server-elevation-of-privilege-vulnerability
– CVE-2021-1636: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1636

Lots of patching to do:
• SQL Server 2019 CU8 GDR
• SQL Server 2017 CU22 GDR
• SQL Server 2016 SP2 CU15 GDR
• SQL Server 2014 SP3 CU4 GDR
And there are GDRs for other patch levels too, like if you’re on 2016 but not on SP2 yet.
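
As an added example (not from Microsoft's advisory or the original post), the queries below report the build an instance is running and list the Extended Events sessions and events on it. The advisory text quoted above does not name the affected event, so this is only an inventory to review while patching is scheduled; it needs VIEW SERVER STATE permission.

```sql
-- Added example: patch-level and Extended Events inventory for one instance.

-- 1. Build information to compare against the GDR/CU list for your version.
SELECT
    SERVERPROPERTY('ProductVersion')         AS product_version,
    SERVERPROPERTY('ProductLevel')           AS product_level,        -- RTM or SPn
    SERVERPROPERTY('ProductUpdateLevel')     AS product_update_level, -- CUn, NULL if none
    SERVERPROPERTY('ProductUpdateReference') AS product_update_kb;    -- KB of the installed build

-- 2. Event sessions that are running right now, with the events they collect.
SELECT
    s.name        AS session_name,
    s.create_time AS started_at,
    e.event_name,
    e.event_predicate
FROM sys.dm_xe_sessions AS s
JOIN sys.dm_xe_session_events AS e
    ON e.event_session_address = s.address
ORDER BY s.name, e.event_name;

-- 3. Sessions defined on the server, including stopped ones that will start
--    automatically at the next service restart (startup_state = 1).
SELECT
    ses.name                                   AS session_name,
    ses.startup_state,
    ev.package + N'.' + ev.name                AS event_name,
    CASE WHEN r.name IS NULL THEN 0 ELSE 1 END AS is_running
FROM sys.server_event_sessions AS ses
JOIN sys.server_event_session_events AS ev
    ON ev.event_session_id = ses.event_session_id
LEFT JOIN sys.dm_xe_sessions AS r
    ON r.name = ses.name
ORDER BY ses.name, ev.name;
```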

Ransomware that is Devastating MySQL Servers – be aware

December 29th, 2020

PLEASE_READ_ME is an active ransomware campaign that has been targeting MySQL database servers and dates back to at least the start of this year. The attack chain is extremely simple and exploits weak credentials on internet-facing MySQL servers. There are close to 5M internet-facing MySQL servers worldwide.

MySQL servers have often been used as a low cost alternative for applications like Dynamics Ax Retail store databases.

250,000 databases are offered for sale in the attackers’ dashboard, from 83,000 successfully-breached victims.

If you are using MySQL databases then we strongly recommend that you immediately review your credentials security and reference the link above.

DymaxIO Subscription Licensing -all Condusiv products now rolled into one for fast data.

October 21st, 2020

All of the technologies in V-locity®, Diskeeper®, and SSDkeeper® have been rolled into one new product – DymaxIO™.

New DymaxIO is fast data software. Whether on-premises or in the Cloud, DymaxIO returns more than 40% of your throughput that is being robbed due to I/O inefficiencies of Windows, SQL and virtualisation.

Fix your application slows, freezes, timeouts, slow SQL queries, reduce cloud compute costs, and more, at the source – no new hardware needed.
A software solution to a software performance problem.

DymaxIO is sold as an annual subscription which saves you money. Subscriptions are available for client, server, and host systems.

A new DymaxIO site license is also available to conveniently and cost-effectively optimize the performance of all Windows systems.

To improve performance across your systems call us on 009714 3365589

MrbMiner – act now to protect your SQL databases

October 3rd, 2020

MSSQL databases are under attack by a new, devastating attack campaign. This time it is a dangerous malware called MrbMiner, which is devised by an experienced hacking group. At this moment there is no information available about the identity of the criminals behind it. The name was given to the virus after one of the domain names which was registered to spread it.

The attacks use a botnet approach: numerous computers and hacked hosts are tasked with automatically identifying accessible database servers on a given network. If one is found, an automated script is invoked which attempts to leverage various security exploits. The main technique is brute force, using dictionary or algorithm-based lists of usernames and passwords for the administrative users.

A new malware gang has made a name for itself over the past few months by hacking into Microsoft SQL Servers (MSSQL) and installing a crypto-miner.

Thousands of MSSQL databases have been infected so far, according to the cybersecurity arm of Chinese tech giant Tencent. In a report published earlier this month, Tencent Security named this new malware gang MrbMiner, after one of the domains used by the group to host their malware. The Chinese company says the botnet has exclusively spread by scanning the internet for MSSQL servers and then performing brute-force attacks by repeatedly trying the admin account with various weak passwords.

Once the attackers gain a foothold on a system, they download an initial assm.exe file, which establishes a (re)boot persistence mechanism and adds a backdoor account for future access. Tencent says this account uses the username “Default” and a password of “@fg125kjnhn987.”

The last step of the infection process was to connect to the command and control server and download a Trojan module that mines the Monero (XMR) cryptocurrency by abusing local server resources, generating XMR coins into accounts controlled by the attackers. The module keeps a connection open to the hacker-controlled server and is used to take over control of the systems and steal any files and data from the hacked hosts. Usually, database servers are built on top of enterprise-grade, performance-optimized servers. For this reason, the hackers behind the ongoing campaign have implemented another dangerous action: deploying a cryptocurrency miner. This is a script configured to download multiple performance-intensive tasks onto the infected servers. They run automatically, which has a crippling effect on the usability of the systems. For every job completed and reported, the hackers receive cryptocurrency assets as a reward.

The attacks will probably change in the near future. They are particularly useful for spreading dangerous malware such as the Qbot Trojan.

LINUX AND ARM VARIANTS ALSO DISCOVERED

The MrbMiner C&C server also contained versions of the group’s malware written to target Linux servers and ARM-based systems.
The Monero wallet used for the MrbMiner version deployed on MSSQL servers stored 7 XMR (~$630). While the two sums are small, crypto-mining gangs are known to use multiple wallets for their operations, and the group has most likely generated much larger profits.
For now, what system administrators need to do is to scan their MSSQL servers for the presence of the Default/@fg125kjnhn987 backdoor account. In case they find systems with this account configured, full network audits are recommended.

A T-SQL query that will collect data for you:

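-- Count SQL logins named 'Default' whose password matches the reported backdoor password.
-- The password is quoted above both with and without a trailing period, so test both.
SELECT COUNT(*)
FROM sys.sql_logins AS s
WHERE s.[name] = 'Default'
  AND (PWDCOMPARE('@fg125kjnhn987', s.password_hash) = 1
    OR PWDCOMPARE('@fg125kjnhn987.', s.password_hash) = 1);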
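
Because the campaign relies on brute-forcing weak admin passwords, a wider audit of every SQL login is worth running alongside the count. The query below is an added example, not part of the Tencent report or the original post; the candidate password list is a constructed sample to replace with your own, and the 30-day window for "recently created" is an assumption.

```sql
-- Added example: audit SQL logins for weak passwords, missing password policy,
-- the reported backdoor name, and recent creation.
-- Reading password hashes through sys.sql_logins requires sysadmin or CONTROL SERVER.
DECLARE @candidates TABLE (pwd nvarchar(128) NOT NULL);

INSERT INTO @candidates (pwd)
VALUES (N''),                  -- blank password
       (N'password'),          -- constructed sample entries; use your own list
       (N'Password1'),
       (N'sa'),
       (N'@fg125kjnhn987'),    -- backdoor password as quoted on this page
       (N'@fg125kjnhn987.');   -- same value with the trailing period

SELECT
    l.name,
    l.is_disabled,
    l.is_policy_checked,        -- 0 = Windows password policy not enforced
    l.is_expiration_checked,
    l.create_date,
    l.modify_date,
    IS_SRVROLEMEMBER('sysadmin', l.name)                 AS is_sysadmin,
    CASE WHEN l.name = N'Default' THEN 1 ELSE 0 END      AS name_matches_backdoor,
    CASE WHEN PWDCOMPARE(l.name, l.password_hash) = 1
         THEN 1 ELSE 0 END                               AS password_equals_name,
    w.hits                                               AS weak_password_hits
FROM sys.sql_logins AS l
CROSS APPLY (
    -- Number of candidate passwords that match this login's stored hash.
    SELECT COUNT(*) AS hits
    FROM @candidates AS c
    WHERE PWDCOMPARE(c.pwd, l.password_hash) = 1
) AS w
WHERE w.hits > 0
   OR PWDCOMPARE(l.name, l.password_hash) = 1
   OR l.is_policy_checked = 0
   OR l.name = N'Default'
   OR l.create_date >= DATEADD(DAY, -30, SYSDATETIME())  -- assumed review window
ORDER BY weak_password_hits DESC, is_sysadmin DESC, l.create_date DESC;
```

Any row with weak_password_hits above zero on an enabled sysadmin login is the condition the brute-force stage depends on; a login named Default that nobody in the team created calls for the full network audit recommended above.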

See this link for guidance on removal:

Why software update is important – the latest patches from Microsoft monthly ‘Patch Tuesday’

September 16th, 2020

There are many reasons, from performance and new features to compliance and support for new ways of working.
However, with the huge and increasingly sophisticated rise in cybercrime, unpatched and out-of-date software versions are the most vulnerable.

As part of this month’s Patch Tuesday, Microsoft today released a fresh batch of security updates to fix a total of 129 newly discovered security vulnerabilities affecting various versions of its Windows operating systems and related software. Of the 129 bugs spanning its various products — Microsoft Windows, Edge browser, Internet Explorer, ChakraCore, SQL Server, Exchange Server, Office, ASP.NET, OneDrive, Azure DevOps, Visual Studio, and Microsoft Dynamics — that received new patches, 23 are listed as critical, 105 are important, and one is moderate in severity.

Unlike the past few months, none of the security vulnerabilities the tech giant patched in September are listed as being publicly known or under active attack at the time of release, or at least not to Microsoft's knowledge.

A memory corruption vulnerability (CVE-2020-16875) in Microsoft Exchange software is worth highlighting among all the critical flaws. The exploitation of this flaw could allow an attacker to run arbitrary code at the SYSTEM level by sending a specially crafted email to a vulnerable Exchange Server.

“A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory,” Microsoft explains. “An attacker could then install programs; view, change, or delete data; or create new accounts.”

Microsoft also patched two critical remote code execution flaws in Windows Codecs Library; both exist in the way that Microsoft Windows Codecs Library handles objects in memory, but while one (CVE-2020-1129) could be exploited to obtain information to compromise the user’s system further, the other (CVE-2020-1319) could be used to take control of the affected system.

Besides these, two remote code execution flaws affect the on-premises implementation of Microsoft Dynamics 365, but both require the attacker to be authenticated.
Microsoft also patched six critical remote code execution vulnerabilities in SharePoint and one in SharePoint Server. While exploiting the vulnerability in SharePoint Server requires authentication, other flaws in SharePoint do not.

Other critical flaws the tech giant patched this month reside in Windows, Windows Media Audio Decoder, Windows Text Service Module, Windows Camera Codec Pack, Visual Studio, Scripting Engine, Microsoft COM for Windows, Microsoft Browser, and Graphics Device Interface.

Vulnerabilities marked as important reside in Windows, Active Directory, Active Directory Federation Services (ADFS), Internet Explorer Browser Helper, Jet Database Engine, ASP.NET Core, Dynamics 365, Excel, Graphics Component, Office, Office SharePoint, SharePoint Server, SharePoint, Word, OneDrive for Windows, Scripting Engine, Visual Studio, Win32k, Windows Defender Application Control, Windows DNS, and more.

Most of these vulnerabilities allow information disclosure, the elevation of privilege, and cross-Site Scripting. Some also lead to remote code execution attacks. In contrast, others allow security feature bypass, spoofing, tampering, and denial of service attacks.

Windows users and system administrators are highly advised to apply the latest security patches as soon as possible to keep cybercriminals and hackers away from taking control of their computers.

For installing security updates, head on to Settings → Update & security → Windows Update → Check for updates or install the updates manually.


Windows performance problems – one major cause.

September 1st, 2020

12 substantial Windows performance problems that can cause the most frustration and chew up valuable time can be directly traced to a single source.

1. Slow Application Performance. Familiar? A company runs a large application such as EMR/EHR or ERP on which the entire enterprise depends, and users have to wait endlessly for data. A sales team operating on a CRM application, and speaking with prospects, loses the sale while waiting for data. It could be an LMS, used for the vital administration of educational programs. Other applications such as SharePoint, MS Exchange, VDI, POS and even legacy and proprietary apps all suffer from this same malady. The phone line and support desk are overwhelmed with user complaints and tickets.

2. Application Crashes. This brings everything to a dead stop. Freezes and crashes are the biggest headaches of IT; there is nothing worse than angry users. When the application has crashed this will affect others accessing that application, too. When this happens, often a user will yell out, “What’s wrong with the computer?!” But of course, it’s not the computer. We’ll get to that at the end. Meanwhile, log files fill up, transactions or batch tasks don’t complete, and data gets corrupted. There may be downtime to reboot the server, or users may need to rekey data.

3. Missing SLA Targets. SLAs are the delivery backbone of many companies. Service quality and availability are service aspects written into contracts, and when those are not met, it not only means lost income, it can also mean lost business and clients. This is especially true today in a SaaS environment, in which a client can simply pull the plug and go to another provider. A primary cause of missed SLAs is slow performance. Yet again, it traces to the same source.

4. Slow Data Transfer Rates. There are many reasons for heavy data transfer, including backups to other locations, importing data to new locations, integrations and BI. When transfer rates are slow, it means waiting. And waiting. And waiting. This Windows performance problem eats up system as well as staff resources. Slow data transfer rates are traceable to this same source.

5. SQL Query Timeouts and Latency Enterprises run on data, which means they’re also living and dying on database queries. When a query is originated, the process through which the query was made will wait until the query is satisfied. The longer the wait (latency), the longer a data record, or computing resource is locked to other users. When a timeout occurs, that means that the query must be started again. This, of course, can mean a serious delay.

6. SQL Deadlocks This phenomenon occurs when two or more processes are waiting for the same resource. Each process is then waiting for the other process to complete before continuing. On the user end, SQL deadlocks produce the same result as timeouts: endless waiting.

7. SQL Server 15-Second Warnings An I/O request should complete within milliseconds. The 15-second warning that SQL Server has been waiting for longer than 15 seconds for an I/O request to complete indicates a serious performance problem—once again traceable to the same issue.

8. You Upgrade Hardware…but Performance Still Slow Many think the easy way to solve performance problems is to upgrade hardware. It can help but what happens when you upgrade hardware, and performance is still sluggish? This is a very expensive way to indicate that you have “solved” the wrong problem. Yes, performance was an issue, but the reason behind it was not hardware related. Yes, you guessed it: the cause is the same as all of these other problems.

9. Slow SSD Read/write Speed Companies install SSDs to improve performance—and given the substantial performance difference between SSDs and HDDs, that performance difference should be much better. Sometimes the read/write speed to SSDs is still slow because you’re still suffering from the same problem.

10. Storage Performance Problems. Storage is very sophisticated, with solutions designed to improve storage performance. Performance problems you experience with storage are only partly due to the hardware…but to the same cause as the rest of these issues.

11. Slow Server Performance. This is the generally sluggish performance phenomenon, the causes of which can be tough to trace down. For that reason, many don’t try: they just decide that hardware must be upgraded, with new servers, new storage, perhaps even a new network. Slow server performance is most often rooted in the same cause as all of these other issues. Servers don’t come cheap and they consume utilities.

12. VM Density and Consolidation Issues. It’s now common practice to consolidate several VMs into one physical server. The higher the VM density is, the more efficient the system may be, but those VMs have to talk to each other and the system. Both VM consolidation and VM density contain the same inherent performance problem as each of these other scenarios and may be preventing you from loading more VMs onto a single host.

The Basic Problem

All of these Windows performance problems that cost you peace of mind can be traced back to storage I/O inefficiencies.
Virtualization has been great for server efficiency, but a big downside to virtualization is that it adds complexity to the data path. This is known as the I/O blender effect, which mixes and randomizes I/O streams.

There are 2 severe I/O inefficiencies causing this.

The Windows file system will break up data ‘writes’ into separate storage I/Os and send each I/O packet down to the storage layer separately. This causes I/O characteristics that are much smaller, more fractured, and more random than they need to be – this along with the I/O Blender effect results in bad storage performance. This is a “death by a thousand cuts” scenario – everything is running, but not running nearly as fast as it could.

You could opt to throw more hardware at the problem, but this is expensive and disruptive and can be premature – it is much better to tune what you already own to get the performance of which the server is capable.

Storage I/O contention occurs when you have multiple systems all sharing the same storage resource.

Windows breaks up that I/O profile into a smaller, more fractured, more random I/O profile than it needs to be. When you clean that up on one VM, all of the data from that one VM to the host is streamlined, but then you have all the data from neighbor VMs that are still noisy and causing contention.

So, your performance is penalized once, then twice, by storage I/O inefficiencies. This means systems typically process workloads about 50% slower than they should on the typical Windows server. Far more I/O than is needed is used to process any given workload. This is a major cause of Windows performance problems.

The Solution: ensure large, clean, and contiguous read and write I/Os from all sources, and eliminate the I/O blender effect.

Larger, cleaner, sequential I/Os result in fewer I/Os to process and thus faster data transfer rates for peak performance. In such a case, you can have 1G of data, but instead of transferring it in 100,000 I/Os, you can accomplish it in 70,000, or less.

The next factor is to read and to write I/Os sequentially, instead of randomly. When dealing with storage, sequential I/Os always out-perform random I/Os on hard disk drives, SSDs and flash storage.

These factors work together to transform the nature of the I/O to improve performance:

Larger I/O
Sequential I/O
Less I/O

The overall effect is that the OS workload is reduced, because there are fewer I/Os to process, and they are occurring sequentially.
DymaxIO

This is the solution brought into effect by the DymaxIO fast data software: (A software Solution for a software problem)

– Fewer I/Os, because they are larger
– Sequential I/Os
– Read I/O served from memory

DymaxIO accomplishes these improvements through proprietary technology that optimizes and streamlines both reads and writes.

Write performance: IntelliWrite® patented technology eliminates small, fractured I/Os caused by Windows splitting files into multiple write operations. DymaxIO enforces large, clean, contiguous writes for more payload with every I/O operation.

Read performance: IntelliMemory® patented technology reduces read I/Os from storage by caching hot data server-side. Reads are cached right at VM level from otherwise-idle, available DRAM. Not only does this enormously decrease the I/O latency time, but also decreases the I/O traffic to the storage unit, thus freeing up the storage bandwidth for other work.

Because of these substantial improvements, DymaxIO is able to regularly provide 30 to 40 percent faster data transfer speeds, eliminating a myriad of Windows performance problems. DymaxIO improves the performance and reliability of Windows systems.

Are your servers good candidates for DymaxIO? Find out quickly and easily without investing a lot of time.
Our I/O Assessment Tool will:

Analyze data across 11 performance metrics
Easily identify systems suffering from performance issues
Graphs display averages and peaks for each hour

Contact us to learn more: 0097143365589

6-Month Extension for aging versions of Microsoft end-of-support dates.

April 23rd, 2020

When Microsoft products reach their end-of-support dates (known as the end of “extended support”), they continue to function, but Microsoft stops issuing free patches. Security updates stop arriving, which could pose problems for organizations. In response to the “current public health situation,” Microsoft announced this week that support deadlines that were due in May now fall toward year’s end.

Microsoft’s announcement on extending the Dynamics 365 Customer Engagement legacy Web client by two months also noted that Microsoft will be “simplifying the ability for Dynamics 365 Finance, Supply Chain Management, and Commerce customers to pause updates for an extended period.” However, the document just states that subscribers can pause for “up to three consecutive updates,” without further elaboration.

Microsoft announced earlier this month that it was delaying ending support for the older Transport Layer Security protocol versions 1.0 and 1.1 until the second half of 2020. The switch will have an effect on Microsoft’s browsers and Office 365 products.

Office 2010 Support Still Ends in October
Microsoft issued a reminder that Office 2010 for Windows and Office 2016 for Mac both will reach their end-of-support date on Oct. 13, 2020. They aren’t getting extensions. These Office users face an additional problem, namely that Microsoft plans to end the connections of those products with various Office 365 services on that same Oct. 13, 2020 date. Users should shift to newer productivity-suite products, Microsoft advised.

Microsoft’s announcement:

Also, as previously announced, after October 13, 2020, customers will need to have Office 365 ProPlus, Office 2019 or Office 2016 to connect to Office 365 services. Microsoft will not take any active measures to block legacy versions of the Office client from connecting to Office 365 services, but these older clients may encounter performance and/or reliability issues over time. For related Office client support timelines, see the Office support dates matrix.

Microsoft is planning to rename Office 365 ProPlus as “Microsoft 365 Apps for enterprise” on April 21. This, along with other Office 365 name changes, was announced last month.

Synergy Support during covid-19 lockdown

April 6th, 2020

As a precautionary measure instructed by our Government for COVID-19, to be Safe at Home, and to protect our staff and the community, Synergy consultants are instructed to work from home for at least the next two weeks.

To help us to provide continuous support, please follow these guidelines to ensure queries are recorded and assigned to be addressed as soon as possible:

1. Send an email with a clear description in the email Subject line, which will be helpful to track the email chain.
2. Please mention any internal issue/ticket number assigned, the user, and as much detail as possible, e.g. transaction detail such as order number, vendor code, item code. Take a screenshot, copy any error message and attach those details to the email. Better still, record the steps, e.g. with Webex or task recorder.
3. If you are not on your work telephone number or email, e.g. when working from home yourself, then ensure you provide contact information for us to reach you.
4. To understand the issue, we may need to connect to the user PC through a screen sharing app such as Microsoft Teams or GoToMeeting. Please ask your admin to take appropriate action to ensure we can dial in remotely to your systems if needed. Even when located elsewhere they will also be able to join such sessions.
5. Every request is given a ticket number and is then assigned to a consultant. For follow-up communication please mention the ticket number. That will make it easier for us to find and review the details and actions to date. It’s possible that more than one consultant may be involved and they will be working remote from each other. This will save time for everyone.
6. Once the support request/issue is resolved, upon receipt of confirmation email, the request will be closed.
7. When needed to discuss pending issues, we will also be available to have a conference call via Microsoft Teams at a mutually agreed time.
8. All support requests are to be sent to Axapta.support@synergy-software.com, and we suggest you copy in the lead consultant and account manager with whom you normally deal.
9. Please circulate this information to respective users and department heads, so that everyone working from home is aware that we are still available to support you as best we can and that they know how to help us, to help them.

SQL Server 2016 SP2 Cumulative Update 12

April 1st, 2020

SQL Server 2016 SP2 Cumulative Update 12 contains some useful fixes:

• SQL Server can shut down when you hit the max number of sessions
• SQL Server can shut down due to lock conflicts during error message processing
• “SQL Server crashes frequently” when you check a clustered columnstore index for corruption
• AGs may have “interruption” – I guess that means the AG stops replicating, but it’s not clear from the KB article.
• Stack dumps when transaction replication has a heavy workload on the publication database
• Stack dumps when you query persisted computed columns
• Stack dumps when you run a batch mode query with multiple joins (that’s columnstore indexes in 2016)
• Scalar functions run slower than they did on SQL Server 2008 R2
• Non-yielding scheduler when the primary AG replica runs low on memory
• AG may think there’s a missing log block when the database isn’t very active
• AG automatic seeding may fail
• AGs with persistent log buffers: “all of the secondaries in the AG become unavailable”
• Change tracking auto cleanup causes access violations and stack dumps
• Access violations when Extended Events tries to capture query text on busy servers
• Error when stored proc in database A pulls data from database B while being audited in database C
• Stack dumps when you alter database-scoped configurations
• Incorrect statistics histograms when they’re updated in parallel – which also means that after you apply this CU, you should probably update your statistics.

There’s also a new feature: the default system health Extended Events session can store way more data now, AND you can edit how much it holds!

SQL Server 2016 SP2 CU12 is available

March 1st, 2020

There’s a new feature: the default system health Extended Events session can now store a lot more data and you can edit how much it should hold.

Several hotfixes
• SQL Server can shut down when you hit the max number of sessions
• SQL Server can shut down due to lock conflicts during error message processing
• “SQL Server crashes frequently” when you check a clustered columnstore index for corruption
• AGs may have “interruption”
• Stack dumps when transaction replication has a heavy workload on the publication database
• Stack dumps when you query persisted computed columns
• Stack dumps when you run a batch mode query with multiple joins (that’s columnstore indexes in 2016)
• Scalar functions run slower than they did on SQL Server 2008 R2
• Non-yielding scheduler when the primary AG replica runs low on memory
• AG may think there’s a missing log block when the database isn’t very active
• AG automatic seeding may fail
• AGs with persistent log buffers: “all of the secondaries in the AG become unavailable”
• Change tracking auto cleanup causes access violations and stack dumps
• Access violations when Extended Events tries to capture query text on busy servers
• Error when stored proc in database A pulls data from database B while being audited in database C
• Stack dumps when you alter database-scoped configurations
• Incorrect statistics histograms when they’re updated in parallel – which also means that after you apply this CU, you should probably update your statistics.

Cumulative updates (CU) are now available at the Microsoft Download Center.

Only the most recent CU that was released for SQL Server 2016 SP2 is available at the Download Center. Each new CU contains all the fixes that were included together with the previous CU for the installed version or service pack of SQL Server.

• Microsoft recommends ongoing, proactive installation of CUs as they become available:
  – SQL Server CUs are certified to the same levels as Service Packs, and should be installed at the same level of confidence.
  – Historical data shows that a significant number of support cases involve an issue that has already been addressed in a released CU.
  – CUs may contain added value over and above hotfixes. This includes supportability, manageability, and reliability updates.
• Just as for SQL Server service packs, we recommend that you test CUs before you deploy them to production environments.
• We recommend that you upgrade your SQL Server installation to the latest SQL Server 2016 service pack.