The Dark Mod Forums

WannaCry Ransomware: Latest windows patch/s


esme


http://www.computerweekly.com/news/450418770/Businesses-urged-to-apply-Windows-patch-to-avert-WannaCry-attacks

 

OK, this is aimed at businesses, but I doubt WannaCry cares who owns the system it encrypts.

If you are at all concerned, the tl;dr is you need the MS17-010 patch on your system. If you use Windows Update you should get it automatically; not everyone keeps their systems up to date though.

You can check the details on the Microsoft site here https://technet.microsoft.com/en-us/library/security/ms17-010.aspx


 

The WannaCrypt exploits used in the attack were drawn from the exploits stolen from the National Security Agency, or NSA, in the United States.

Read more at https://blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/#qmdvIjfybffUCc92.99

What THE HELL do they mean by "exploits stolen from NSA"?


The exploit has been around for around 10 years.

 

If you are on Windows Vista, 7, 8, 8.1 or 10, the patch should have been added in March 2017 unless you've got critical Microsoft updates turned off. Windows XP is no longer supported, so there's no patch for that.

Edited by stumpy

If you are on Windows Vista, 7, 8, 8.1 or 10, the patch should have been added in March 2017 unless you've got critical Microsoft updates turned off. Windows XP is no longer supported, so there's no patch for that.

Well, I thought my recent Win7 rebuild was up to date, but KB4012212 wasn't installed... :blink:

 

@Esme, I should have listed this info myself, so thanks for doing that. I have pinned the thread for the time being, as all users should be aware of this.


https://support.microsoft.com/en-us/help/4012212/march-2007-security-only-quality-update-for-windows-7-sp1-and-windows-server-2008-r2-sp1

 

Note this:

 

 

This Security Only Quality Update is not applicable for installation on a computer where the Security Monthly Quality Rollup or Preview of Monthly Quality Rollup from March 2017 (or a later month) is already installed, because those updates contain all of the security fixes that are included in this Security Only Quality Update.
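
An added example, not part of the posts above: a PowerShell check for the situation described in the last two posts, where KB4012212 can be absent either because the machine is unpatched or because a March 2017 (or later) rollup superseded it. The `-SupersedingKb` parameter is an assumption; it is left empty and should be filled with the rollup IDs Microsoft's MS17-010 bulletin lists for your Windows version.

```powershell
# Added example: is the MS17-010 fix present on this machine?
# KB4012212 is the Windows 7 SP1 / Server 2008 R2 SP1 security-only
# update named in the thread.
param(
    [string[]]$SecurityOnlyKb = @('KB4012212'),
    # Assumption: rollup IDs that supersede the security-only update on
    # your OS, taken from Microsoft's MS17-010 bulletin. Empty on purpose.
    [string[]]$SupersedingKb = @(),
    # Updates installed from March 2017 onwards may be a superseding rollup.
    [datetime]$Cutoff = '2017-03-01'
)

# Get-HotFix reads Win32_QuickFixEngineering; it does not list every
# update type, so a negative result calls for a look at the update history.
$installed = @(Get-HotFix -ErrorAction SilentlyContinue)
$ids = @($installed | ForEach-Object { $_.HotFixID })

# 1. Direct evidence: one of the known KB IDs is installed.
$direct = @(($SecurityOnlyKb + $SupersedingKb) | Where-Object { $ids -contains $_ })

# 2. Indirect evidence: updates dated on or after the cutoff.
#    InstalledOn can be empty on some systems, so test for it first.
$later = @($installed | Where-Object {
    $_.InstalledOn -and $_.InstalledOn -ge $Cutoff
})

if ($direct.Count -gt 0) {
    "PATCHED: found $($direct -join ', ')"
}
elseif ($later.Count -gt 0) {
    "UNCONFIRMED: $($SecurityOnlyKb -join ', ') not found, but updates dated " +
        "$($Cutoff.ToString('yyyy-MM-dd')) or later are installed."
    "Check whether one of these is a Monthly Quality Rollup:"
    $later | Sort-Object InstalledOn |
        Format-Table HotFixID, Description, InstalledOn -AutoSize
}
else {
    "MISSING: no listed KB and no update dated $($Cutoff.ToString('yyyy-MM-dd')) " +
        "or later. Run Windows Update or install the patch by hand."
}
```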


One thing you should all be aware of, this patch fixes a hole in the SMB server which is used for file sharing.

 

It will not stop someone sending you a malicious email with an exe attached or trying to get you to download & execute a package from some dodgy website.

 

As I understand it, WannaCry has two modes of infection. The first is by the owner of the machine activating the virus by running it, so be careful when opening packages from other machines, keep your virus scanners up to date etc... and you should be OK.

 

The second mode is what makes it spread so fast, if an infected machine is connected to a network with unpatched machines on it, it will use the SMB server hole to directly infect those machines and I believe no human interaction is required for this, so if you have guests & allow them access to your WiFi they could infect your machines just by connecting to the local network

 

This stops a WannaCry-infected PC from infecting other PCs via a network connection; it's not a magic bullet to prevent you getting it by other means.

Edited by esme

Looks like the attack came from North Korea; the cyber crime lot say there are clues in the code that point to it coming from that country.

 

Apparently the patch is also available for computers using the XP operating system and other computers that are no longer getting updates, as a one-off thing, according to the Microsoft website.

Edited by stumpy

Yep, the only reason XP machines are affected so badly is because they are obsolete & don't get security patches in the normal course of updates.

 

So pretty much every bank's ATM, every supermarket POS till, every piece of major hospital equipment like MRI scanners have XP embedded in them & very few get updates if any. There are rumours that the Trident fleet runs on XP too.

 

Plus the NHS standardised their software on XP ages ago & yes the government warned them about it being insecure, but then the UK Government denied them any means of dealing with it by cancelling support, bit like strapping them to a train track, telling them a train is coming & preventing them undoing the straps.

 

But any Windows machine is vulnerable if the patch hasn't already been applied, so anyone who doesn't like Microsoft telemetry (spyware), for example, may have turned updates off & missed this patch when applying security updates by hand.

 

I've also seen the NK rumours; I've also seen rumours pointing at Russia.


Trident uses Submarine Command System New Generation (SCS-NG), which is nicknamed "Windows for Submarines". Perhaps this is where the rumour stems from.

There's also the fact that, by design, this is an isolated system. Underwater, where you don't get 4G and the wifi's not so good.

50-odd nukes are not controlled by Windows XP.

 

False-flag.

 

// It's YouTube level to penetrate a site with a proxy-chain, VMware Kali, that makes it look like it came from your local MP's office (just email them and get the IP from the traceroute). It's the social engineering and what is the motivation of such action and response on behalf of "the good guys" that worries me more than anything.

Edited by teh_saccade
