Customer Guidance for WannaCrypt attacks
MSRC Team May 12, 2017
Microsoft solution available to protect additional products
Today many of our customers around the world and the critical systems they
depend on were victims of malicious ôWannaCryptö software. Seeing businesses and
individuals affected by cyberattacks, such as the ones reported today, was
painful. Microsoft worked throughout the day to ensure we understood the attack
and were taking all possible actions to protect our customers. This blog spells
out the steps every individual and business should take to stay protected.
Additionally, we are taking the highly unusual step of providing a security
update for all customers to protect Windows platforms that are in custom support
only, including Windows XP, Windows 8, and Windows Server 2003. Customers
running Windows 10 were not targeted by the attack today.
Details are below.
In March, we released a security update which addresses the vulnerability
that these attacks are exploiting. Those who have Windows Update enabled are
protected against attacks on this vulnerability. For those organizations who
have not yet applied the security update, we suggest you immediately deploy
Microsoft Security Bulletin MS17-010.
For customers using Windows Defender, we released an update earlier today
which detects this threat as Ransom:Win32/WannaCrypt. As an additional
ôdefense-in-depthö measure, keep up-to-date anti-malware software installed on
your machines. Customers running anti-malware software from any number of
security companies can confirm with their provider, that they are protected.
This attack type may evolve over time, so any additional defense-in-depth
strategies will provide additional protections. (For example, to further protect
against SMBv1 attacks, customers should consider blocking legacy protocols on
their networks).
We also know that some of our customers are running versions of Windows that no
longer receive mainstream support. That means those customers will not have
received the above mentioned Security Update released in March. Given the
potential impact to customers and their businesses, we made the decision to make
the Security Update for platforms in custom support only, Windows XP, Windows 8,
and Windows Server 2003, broadly available for download (see links below).
Customers who are running supported versions of the operating system (Windows
Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1,
Windows Server 2012, Windows 10, Windows Server 2012 R2, Windows Server 2016)
will have received the security update MS17-010 in March. If customers have
automatic updates enabled or have installed the update, they are protected. For
other customers, we encourage them to install the update as soon as possible.
This decision was made based on an assessment of this situation, with the
principle of protecting our customer ecosystem overall, firmly in mind.
Some of the observed attacks use common phishing tactics including malicious
attachments. Customers should use vigilance when opening documents from
untrusted or unknown sources. For Office 365 customers we are continually
monitoring and updating to protect against these kinds of threats including
Ransom:Win32/WannaCrypt. More information on the malware itself is available
from the Microsoft Malware Protection Center on the Windows Security blog. For
those new to the Microsoft Malware Protection Center, this is a technical
discussion focused on providing the IT Security Professional with information to
help further protect systems.
We are working with customers to provide additional assistance as this situation
evolves, and will update this blog with details as appropriate.
Phillip Misner, Principal Security Group Manager Microsoft Security Response
Center
Further resources:
Download English language security updates: Windows Server 2003 SP2 x64, Windows
Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded
SP3 x86, Windows 8 x86, Windows 8 x64
Download localized language security updates: Windows Server 2003 SP2 x64,
Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP
Embedded SP3 x86, Windows 8 x86, Windows 8 x64
General information on ransomware:
https://www.microsoft.com/en-us/security/portal/mmpc/shared/ransomware.aspx
MS17-010 Security Update:
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
note from poster : now there is lot of links, not going to put them in, but here
is the main url for this info : http://tinyurl.com/me8rx8g
---
■ Synchronet ■ Time Warp of the Future BBS - Home of League 10 IBBS Games
|
