⏩ TL;DR - This Week in SysAdmin Land

· We’ve got a truly spooky Halloween-themed podcast this week (because who doesn’t like horror stories with servers?).

· Major critical patch alert: CVE‑2025‑59287 in Windows Server Update Services (WSUS) is actively exploited - if you run WSUS, patch now.

· We’re revisiting network fundamentals with the OSI model - yes, dust off your layer cake, we’re serving up layer 1 to 7 for your next troubleshooting session.

· Strong community content this week: Linux stress-testing, Azure Local overview, a data-driven look at Apple Silicon CPU core frequencies.

· Tool of the Week: a slick terminal app that could become your new favourite toy.

· Quick Win & Retro Fact - because even infrastructure nerds deserve a little snack.

· Wrap-up with a plug for next week’s podcast (you know you’ll listen).

An Update on the Publication

I greatly appreciate all the readers of this newsletter and you may have noticed an absence of the publication for the edition that was to come out two weeks ago. As folks that watch the podcast know, there has been A LOT of projects (both personal and professional) on my plate over the last month or two. This time of year is typically my busiest time of year and sadly something had to give. That said, I’m through my backlog, and looking forward to continue providing regular editions of this newsletter once again!

This Week’s Insight(s) from Andy

Theme for this edition: “Patch & Pivot: From Fundamental Layers to Active Threats”
In this issue, we’re straddling both ends of the SysAdmin spectrum: going back to the bedrock with the OSI model (don’t roll your eyes yet) and facing forward into the very real, very active world of exploited vulnerabilities (yes, the WSUS one). The juxtaposition is intentional: whether you’re explaining Layer 3 routing to a junior or scrambling to fix a critical RCE in your update infrastructure, the mindset of “understand deep; act fast” is what differentiates the average from the excellent.

When it comes to cybersecurity, and more importantly achieving real security outcomes, the mantra “understand deep; act fast” can feel intimidating for those pivoting into the security space. But here’s the truth: cybersecurity pros are often the ones in the room who understand their tech stack *most* deeply.

Why? Because to truly secure something, you have to understand it from the kernel up. Every layer, every dependency, every quirk. Yet, in a world obsessed with abstraction, we’ve drifted away from the underlying mechanics that keep our systems alive. That blind spot? It’s exactly where threat actors love to play.

So how does that tie into this week’s theme Patch and Pivot? Patching is easy. Anyone can apply an update and move on. But pivoting? That’s where the real challenge lies. SysAdmins are now standing at the crossroads of IT and security, and the ones who thrive will be those who dig deeper the ones who move beyond “apply patch” and into “understand why it matters.” Because real defense starts where surface-level understanding stops.

So if you’re a SysAdmin today, don’t wait to be handed a security title, start learning the internals your tools hide. You can’t protect what you don’t understand.

And now, back to our regularly scheduled programming…..

Latest on the SysAdmin Weekly Podcast

This week’s episode: Halloween “SysAdmin Horror Stories” - join Andy as he and guests spin real-world tales where things went terrifyingly wrong in infrastructure, cloud, and on-prem. Yes, there’s ghosting, haunted servers, and maybe even a spectre of unmanaged firmware creeping through the data centre.

What You Missed on Last Week’s Episode of SysAdmin Weekly

Last week’s episode: University IT training vs real-world readiness - Andy and guest Clay Tamam dove into whether formal IT degrees truly prepare sysadmins for the trenches, or if bootcamps, on-the-job hacks, and real mistakes carry more weight.

Sneak Peek of an Upcoming Episode

Next week: Andy and Eric talk about the “enshitification” of tech vendors and how vendor behavior has shifted from partner to parasite, what happens when the vendor plays you more than you play the tech, and what SysAdmins can do about it.

From AndyOnTech

How to stress-test Linux - A clean, practical walkthrough on putting your Linux boxes through controlled chaos. Covers CPU, memory, GPU, and I/O stress testing with just enough explanation to understand what’s actually happening under the hood. It’s the kind of test you’ll wish you ran *before* production went sideways. Perfect weekend lab project for anyone running a home server or validating hardware stability.

Core Fundamentals

The OSI model explained - It’s old-school, yes, but still gold. Understanding each of the seven layers gives you the lens to pinpoint where things go sideways: from physical cabling (Layer 1) to application behavior (Layer 7).

Helpful Community Content

• How to restore deleted Entra ID conditional access policies and named locations - From Jan Bakker: a lifesaver when someone nukes your conditional access by accident.

• Azure Local overview video - From Thomas Maurer: what Azure Local is, why you might need it, and how it fits with edge/distributed stuff.

• Updated CPU core frequencies for Apple Silicon Macs - Data-driven deep dive for the Apple side of the house. Cool geek reading.

Other SysAdmin Content from Vendors and Official Publications

· Fedora Linux 43 has been released - New features, new kernel, new life for test labs maybe.

· Windows 11 Insider Preview Build 26120.6982 (Beta Channel) announced - If you’re running lab machines or poking at future client OS behavior: heads up.

Security Headlines for SysAdmins

· Critical WSUS vulnerability: CVE-2025-59287 – patch immediately - This one is massive. A remote, unauthenticated RCE in WSUS, CVSS 9.8, active exploits. If you have a WSUS server role enabled: stop reading, go patch.

· Cybersecurity and Infrastructure Security Agency (CISA) updates their Known Exploited Vulnerabilities catalog - They’ve flagged the WSUS vuln among others; this isn’t hypothetical anymore.

Tool of the Week

Ghostty - A slick terminal-application you’ll want to try: for those nights when typing at 3 AM and wondering whether your shell can be cooler. Go ahead, indulge your inner penguin.

Quick Win of the Week

Check your inventory/CMDB and ask the question: “Which servers have the WSUS Server role enabled and are listening on ports 8530 or 8531?” If you find any, prioritize patching or isolating them immediately. You might just win this week before the next alert hits.

Fun Retro SysAdmin Fact

Back in the day, the architecture for the mainframe and minicomputer era relied on multi-user terminals connected via RS-232 lines (often at 9600 bps). That meant many sysadmins were night-shift heroes with endless string lights of terminal screens. Integrity of those lights vs. modern dust-filled racks? It’s evolution, baby.

☕ Wrap-Up

Thanks for riding shotgun with me through this week’s edition of SysAdmin Weekly remember: “Fundamentals + Vigilance = Survival.” If you only take one thing from this newsletter, make it patch early, understand deeply.

Don’t forget to tune into the podcast over at www.sysadminweekly.com and drop us a rating or share your own horror story (especially around midnight). Until next week: stay sharp, stay curious, and yes… stay spooky.