Jump to content
The Dark Mod Forums
Sign in to follow this  
esme

WannaCry Ransomware: Latest windows patch/s

Recommended Posts

http://www.computerweekly.com/news/450418770/Businesses-urged-to-apply-Windows-patch-to-avert-WannaCry-attacks

 

OK this is aimed at businesses but I doubt wannacry cares who owns the system it encrypts

If you are at all concerned the tl;dr is you need the MS17-010 patch on your system, if you use windows update you should get it automatically, not everyone keeps their systems up to date though

You can check the details on the Microsoft site here https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

Share this post


Link to post
Share on other sites

 

The WannaCrypt exploits used in the attack were drawn from the exploits stolen from the National Security Agency, or NSA, in the United States.

Read more at https://blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/#qmdvIjfybffUCc92.99

What THE HELL do they mean by "exploits stolen from NSA"?


Amnesty for Bikerdude!

Share this post


Link to post
Share on other sites

the exploit has been around for around for 10 years,

 

if you are on windows vista, 7, 8, 8.1, 10 the patch should have been added in march 2017 unless you've got critical microsoft updates turned off. windows xp no longer supported so there's no patch for that.

Edited by stumpy

Share this post


Link to post
Share on other sites

if you are on windows vista, 7, 8, 8.1, 10 the patch should have been added in march 2017 unless you've got critical microsoft updates turned off. windows xp no longer supported so there's no patch for that.

Well I thought my recent Win7 rebuild was upto date but the KB4012212 wasn't installed... :blink:

 

@Esme, I should have listed this info myself, so thanks for doing that. I have pinned the thread for the time being, as all users should be aware of this.

Share this post


Link to post
Share on other sites

https://support.microsoft.com/en-us/help/4012212/march-2007-security-only-quality-update-for-windows-7-sp1-and-windows-server-2008-r2-sp1

 

Note this:

 

 

This Security Only Quality Update is not applicable for installation on a computer where the Security Monthly Quality Rollup or Preview of Monthly Quality Rollup from March 2017 (or a later month) is already installed, because those updates contain all of the security fixes that are included in this Security Only Quality Update.

Share this post


Link to post
Share on other sites

One thing you should all be aware of, this patch fixes a hole in the SMB server which is used for file sharing.

 

It will not stop someone sending you a malicious email with an exe attached or trying to get you to download & execute a package from some dodgy website.

 

As I understand it, Wannacry it has two modes of infection, the first is by the owner of the machine activating the virus by running it, so be careful when opening packages from other machines, keep your virus scanners up to date etc... and you should be OK

 

The second mode is what makes it spread so fast, if an infected machine is connected to a network with unpatched machines on it, it will use the SMB server hole to directly infect those machines and I believe no human interaction is required for this, so if you have guests & allow them access to your WiFi they could infect your machines just by connecting to the local network

 

This stops a Wannacry infected PC from infecting other PC's via a network connection, it's not a magic bullet to prevent you getting it by other means.

Edited by esme
  • Like 1

Share this post


Link to post
Share on other sites

looks like the attack came from north korea, cyber crime lot says there's clues in the code that points it coming from that country.

 

apparently the patch is also available for computers using the xp operating system and other computers that are no longer getting up dates as a one off thing, according to microsoft website.

Edited by stumpy
  • Like 1

Share this post


Link to post
Share on other sites

Yep, the only reason XP machines are affected so badly is because they are obsolete & don't get security patches in the normal course of updates.

 

So pretty much every banks ATM, every supermarket POS till, every piece of major hospital equipment like MRI scanners have XP embedded in them & very few get updates if any, there are rumours that the Trident fleet runs on XP too.

 

Plus the NHS standardised their software on XP ages ago & yes the government warned them about it being insecure, but then the UK Government denied them any means of dealing with it by cancelling support, bit like strapping them to a train track, telling them a train is coming & preventing them undoing the straps.

 

But any windows machine is vulnerable if the patch hasn't already been applied, so anyone who doesn't like Microsoft telemetry (spyware) for example may have turned updates off & missed this patch when applying security updates by hand

 

I've also seen the NK rumours I've also seen rumours pointing at Russia

  • Like 1

Share this post


Link to post
Share on other sites

Trident use Submarine Command System New Generation (SCS-NG) that is nicknamed "windows for submarines". Perhaps this is from where stems the rumour

There's also the fact that, by design, this is an isolated system. Underwater, where you don't get 4G and the wifi's not so good.

50-odd nukes are not controlled by windows xp.

 

False-flag.

 

// It's youtube level to penetrate a site with a proxy-chain, VMware Kali, that makes it look like it came from your local MP's office (just email them and get the IP from the traceroute). It's the social engineering and what is the motivation of such action and response on behalf of "the good guys" that worries me more than anything.

Edited by teh_saccade
  • Like 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...