Ask the Community
Groups
MS17-010 - Ransomware - WannaCrypt - Connect IT Community | Kaseya
<main> <article class="userContent"> <p dir="auto">Based on this article: <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F4013389%2Ftitle" rel="noopener noreferrer nofollow">https://support.microsoft.com/en-us/help/4013389/title</a> the installation of <strong>KB4012598</strong> will protect you again this new exploit. March Security Update Bulletin included the KB that addresses this issue (<a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F4013389%2Ftitle">https://support.microsoft.com/en-us/help/4013389/title</a>).</p> <p dir="auto">Furthermore, this KB patch has been released for these Operating Systems:</p> <p dir="auto"><img src="https://us.v-cdn.net/6032361/uploads/migrated/ROM19NGBIYUB/001.jpg" alt="001.jpg" class="embedImage-img importedEmbed-img"></img></p> <p dir="auto"><strong>NOTE:</strong> Microsoft released, on 05-13-17, patches for Windows XP, 8 and server 2003 even as these Operating Systems are no longer being supported.</p> <p dir="auto"><strong>SOLUTION</strong></p> <p dir="auto">As this KB has been released via the Microsoft Update Catalog, in order to utilize Patch Management to deploy this KB please scan the machines once again and the patch will become available for download and install.</p> <p dir="auto">For further information, please review Microsoft's article about this issue: <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fblogs.technet.microsoft.com%2Fmsrc%2F2017%2F05%2F12%2Fcustomer-guidance-for-wannacrypt-attacks%2F" rel="noopener noreferrer nofollow">https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/</a></p> <p dir="auto"> </p> <p dir="auto"><strong>DETAILS REGARDING PATCH MANGEMENT</strong></p> <p dir="auto">The main issue with reporting on this patch is that Microsoft released it on multiple rollups, that being said as long as you are scanning your machines and have approved the patches it should have been rolled out. If this particular patch does not appear in the patch update page that the machines did not detect this as vulnerability and was likely included in another patch.</p> <p dir="auto"><img src="https://us.v-cdn.net/6032361/uploads/migrated/XHIWCJD612B0/2017-05-14-0815.png" alt="2017-05-14_0815.png" class="embedImage-img importedEmbed-img"></img></p> <p dir="auto"> </p> <p dir="auto">If you like some additional peace of mind and would like to deploy that patch manually you use the patch deploy method in the Agent procedures module, by referencing the particular KB where the OS specific patch was included by Microsoft. The information can be found in the links bellow. Both The approval by patch page and patch update will show you if any machine still needs this patch to approved or applied manually.</p> <p dir="auto"><img src="https://us.v-cdn.net/6032361/uploads/migrated/FQH51HLCVPHA/2017-05-14-0816.png" alt="2017-05-14_0816.png" class="embedImage-img importedEmbed-img"></img></p> <p dir="auto"> </p> <p dir="auto">Please find below Microsoft's list of the appropriate patch KB number for the "<strong>Wanna Crypt</strong>" update based on the Operating System Version and build.</p> <p dir="auto"><a rel="nofollow" href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fsecurity%2Fms17-010.aspx">https://technet.microsoft.com/en-us/library/security/ms17-010.aspx</a></p> </article> </main>