By now many of you have read reports on various news channels, blog posts, etc. This flaw was patched in Microsoft’s March 2017 update cycle (MS17-010).
‘WannaCry’ (‘WannaCrypt’, ‘WCRY’) was reported worldwide on May 12th 2017 as a ransomware worm targeting out-of-date systems. WannaCry leverages vulnerabilities that have already been fixed on systems that have been updated. Unfortunately, many computers in enterprises have not been updated because of delays in deploying new patches. This is a common theme for many companies, as they apply the IIABDEF (if it ain’t broke don’t ever fix) rule.
Microsoft issued critical security bulletin MS17-010 listing patches for the various affected operating systems.
Here is a list of hotfixes you may want to ensure you have installed, by OS version:
- KB4012212 – Windows Server 2008
- KB4012217 KB4015551 KB4019216 – Windows Server 2012
- KB4012216 KB4015550 KB4019215 – Windows Server 2012 R2
- KB4013429 KB4019472 KB4015217 KB4015438 KB4016635 – Windows Server 2016
If any or all of these are missing, you should apply the MS17-010 fix.
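One way to run that check on a host, as an added example that is not part of the original post: the KB numbers are copied from the list above, and the function name `Test-Ms17010Hotfix` and the variable `$Ms17010Kbs` are hypothetical. It compares the output of `Get-HotFix` with the list for the detected OS.

```powershell
# Added example. KB numbers are copied from the article's list.
# "2012 R2" is listed before "2012" so the more specific name matches first.
$Ms17010Kbs = [ordered]@{
    'Windows Server 2008'    = @('KB4012212')
    'Windows Server 2012 R2' = @('KB4012216', 'KB4015550', 'KB4019215')
    'Windows Server 2012'    = @('KB4012217', 'KB4015551', 'KB4019216')
    'Windows Server 2016'    = @('KB4013429', 'KB4019472', 'KB4015217', 'KB4015438', 'KB4016635')
}

function Test-Ms17010Hotfix {
    # Hypothetical helper: compares installed KB IDs with the article's list
    # for the OS named in $OsCaption.
    param(
        [Parameter(Mandatory)][string]$OsCaption,
        [string[]]$InstalledKbs = @()
    )
    # Pick the first listed OS name that appears in the caption.
    $os = $Ms17010Kbs.Keys | Where-Object { $OsCaption -like "*$_*" } | Select-Object -First 1
    if (-not $os) {
        # OS is not in the article's list, so there is nothing to compare against.
        return [pscustomobject]@{ OS = $OsCaption; Status = 'NotInList'; Present = @(); Missing = @() }
    }
    $expected = $Ms17010Kbs[$os]
    $present  = @($expected | Where-Object { $InstalledKbs -contains $_ })
    $missing  = @($expected | Where-Object { $InstalledKbs -notcontains $_ })
    $status = if ($missing.Count -eq 0) { 'AllPresent' }
              elseif ($present.Count -eq 0) { 'NonePresent' }
              else { 'SomeMissing' }
    [pscustomobject]@{ OS = $os; Status = $status; Present = $present; Missing = $missing }
}

# Check the local machine: OS caption from CIM, installed KB IDs from Get-HotFix.
$caption   = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption
$installed = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
Test-Ms17010Hotfix -OsCaption $caption -InstalledKbs $installed | Format-List
```

Later cumulative updates replace these KBs, so a host reported as missing them may still be patched; confirm against its update history before acting on the result.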
What can you do to help prevent the spread of such attacks?
- Keep software up-to-date, including operating systems
- Avoid dangerous web locations
- Educate users on how to detect potential cyberattacks delivered via phishing emails, infected banners, spam emails, social engineering attempts, etc.