• Updated steps to protecting your Windows machine from the likes of WannaCrypt


    • This topic has 21 replies, 10 voices, and was last updated 6 years ago.
    #115447

    A slightly revised list of steps to get MS17-010 installed on all Windows machines.

    Original post at https://www.askwoody.com/2017/updated-steps-to-protecting-your-windows-machine-from-the-likes-of-wannacrypt/

    • #115473

      So I have been bad and not updated since before Dec 2016. Not sure where to begin. I wanted to be group B, well guess I’m not cut out for it. So what articles or series of updates do I need to install and where to begin? I run Win 7 home edition 64bit. Do not have any interest in Win 10. Thank you, scolding is deserved but help is what I need.

    • #115490

      What if you’re an unfortunate individual who’s had their updates blocked by Microsoft even though you’re on a supported chip? How am I supposed to patch if my updates are blocked? Microsoft tells me to update, but I can’t update.

    • #115518

      Slightly old news, but I think the following should be a recommended update for everyone.

      https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0279
      CVE-2017-0279 | Windows SMB Remote Code Execution Vulnerability
      Security Vulnerability
      Published: 05/09/2017 | Last Updated : May 11, 2017

      This is separate from the vulnerability that’s being used by WCry worm variants based on the EternalBlue exploit.

      It’s part of the “2017-05 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4019472)” or the Version 1703 KB4016871 update.

      Alternately, you could (as described elsewhere on this forum) disable SMB 1.x, but in many situations this is undesirable in corporate environments.  (Disabling this kills many network scanners, some commercial software breaks, etc.).

      I am unable to cite a source at this time but I have good reason to believe that something may be coming.  No timeline was given to me.

      Having said that, our consulting service installed this on 1607 ENT and PRO across the board for our clients on May 12th, (a total of 78 workstations on the Win 10 CBB) and we had exactly one workstation fail to patch the first time around, with no other problems or fallout for the last week. Ironically, the one unit that required TLC was a Microsoft Surface 2 Pro, and it recovered on the third forced boot and successfully installed the update.

      ~ Group "Weekend" ~

      1 user thanked author for this post.
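
An added example, not part of the post above or of the AskWoody steps: a read-only PowerShell check for the KB numbers named in this thread and for whether the SMB 1.x server is still enabled. The function names `Get-ThreadKbStatus` and `Get-Smb1State` are hypothetical. On Windows 10 a later cumulative update replaces KB4019472 or KB4016871, so `Installed = False` for those is not proof that the fix is missing.

```powershell
# Added example; KB numbers and descriptions are the ones named in this thread.
$ThreadKbs = @{
    'KB4012598' = 'SMB server update listed for Windows XP'
    'KB4019472' = '2017-05 Cumulative Update, Windows 10 1607 (CVE-2017-0279)'
    'KB4016871' = 'Windows 10 1703 update (CVE-2017-0279)'
}

function Get-ThreadKbStatus {
    param(
        # Defaults to the live hotfix list; pass a list of IDs to test offline.
        [string[]]$InstalledIds = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
    )
    foreach ($kb in ($ThreadKbs.Keys | Sort-Object)) {
        # New-Object PSObject keeps this usable on PowerShell 2.0 (Windows 7 default).
        New-Object PSObject -Property @{
            KB = $kb; Note = $ThreadKbs[$kb]; Installed = ($InstalledIds -contains $kb)
        }
    }
}

function Get-Smb1State {
    # Windows 8 / Server 2012 and later: ask the SMB server directly (elevated prompt).
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $cfg = Get-SmbServerConfiguration
        return New-Object PSObject -Property @{
            Source = 'Get-SmbServerConfiguration'
            SMB1Enabled = [bool]$cfg.EnableSMB1Protocol
        }
    }
    # Older systems: the LanmanServer "SMB1" value; absent or non-zero means enabled.
    $path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = (Get-ItemProperty -Path $path -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    New-Object PSObject -Property @{
        Source = 'registry'
        SMB1Enabled = ($null -eq $val -or $val -ne 0)
    }
}

# Report only; nothing on the machine is changed.
Get-ThreadKbStatus | Format-Table KB, Installed, Note -AutoSize
Get-Smb1State
```
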
    • #115512

      ? says:

      I looked in the Win XP Pro and I had KB4012598 installed on 02/11/2017 with the February patch Tuesday. It was in catroot anyway… I clean the snot out of all my Windows machines. I really enjoy running Linux after all the years of Windows antics…

    • #115642

      Interesting article in The Reg, if true it explains how MS were able to get the patches for XP and Server 2003 so fast

      https://www.theregister.co.uk/2017/05/16/microsoft_stockpiling_flaws_too/

      • #115651

        The XP and 2003 patches are based on the embedded version which is still under support.
        Some people who are stubborn in not upgrading the old OS use a known hack to install the embedded version patches on the full XP.
        Another reason is that Microsoft still supports Windows 2003 and XP, but it comes at a cost. Those patches are not available for free on Windows Update.

        • #115655

          I believe XP Embedded was patched in March like the other versions of Windows.

          • #115682

            Yes, but I think the point the article is making is that patches were released to those not paying for extended support and to great fanfare about how quickly MS had reacted, when they had already had them ready.

            • #115704

              Of course Microsoft had them ready. Companies pay for the XP patches. Microsoft makes them – and sells them. The decision to give them away is laudable, but it’s definitely in Microsoft’s best interest.

    • #115700

      ? says:

      you are correct, yet again PKCano!

      According to my March 14, 2017 update list for Windows XP:

      KB4012204 - IE

      KB4012355 - .Net 4

      KB3216916 - XML core services

      KB4011981 - Kernel security

      KB4012497 - Kernel mode, and graphics drivers

      KB4012583 - Graphics component(s)

      KB4012584 - Graphics security

      KB4012598 - SMB server

       

    • #115723

      ? also says:

      anyone who cares can update XP on IE-8 through Microsoft updates:

      http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us

       

    • #115731

      From WannaCry Ransomware Outburst:

      “If you are already hit by WannaCry ransomware and you are running one of the following Microsoft versions:

      Windows 7, Windows 8, Windows 8.1, Windows 10 with UAC and had shadow copies enabled prior to the infection you might be able to restore your files from shadow copy.

      DO NOT click YES on the UAC prompt window appearing during infection.

      The malware does not have a valid way of bypassing UAC so your shadow copies are never deleted.

      You can disinfect the machine and then proceed in restoring all of your files using your shadow copies which are intact using this guide.”

      2 users thanked author for this post.
    • #115810

      I would assert that it’s probably time for the XP users to probably “bite the bullet” and at the very least make the jump to Win7. Yes I know it’s probably going to involve a bit of hardship but at least you may gain a little respite from malware stunts like this.
      I used XP on this machine for many years being of 2001 vintage and Win7Prox86 runs well, in actual fact better than XP ever did. XP for me was my least favourite OS but the one I ran for the longest. (yep still yearning for Win2k Pro) but alas time and exploits move on and so must we all.
      There are little fixes out there that can enable you to still get updates for XP but they are not really targeted at the average user and in any case I believe they will finish in 2019 for the POS versions. Really, whatever your experiences with Windows update it’s now apparent that a bit of prudent updating is required on a fairly regular basis, even if just using my take on it where I rely on posts here and the net in general before updating (home use) for the howls of rage or the nods of satisfaction. Not exactly science and not exactly precise but it works. Yeah M$ sends the odd irritant down the “update chute” but no RSOD (Red Screen Of Death) yet.

    • #116039

      ICS-CERT Releases WannaCry Fact Sheet
      Original release date: May 17, 2017
       

      The Industrial Control Systems Cybersecurity Emergency Response Team (ICS-CERT) has released a short overview of the WannaCry ransomware infections. This fact sheet provides information on how the WannaCry program spreads, what users should do if they have been infected, and how to protect against similar attacks in the future.

      US-CERT encourages users and administrators to review the ICS-CERT Fact Sheet on WannaCry and the US-CERT Current Activity on the topic…

      1 user thanked author for this post.
    • #116384

      I have a quick question for you – which I strongly suspect is one of those things that everyone but me knows, but (shrug) that’s how you learn things, right? I saw in the InfoWorld article on WannaCry that if you have a pirated version of Windows XP, you could run into problems with installing the update to protect you from WannaCry. So, here’s my question – how do I know if my laptop has the real thing or a pirated version? I got it as a hand-me-down last year from someone who was getting a new one. Short of calling and asking the person directly, is there somewhere I can just find this information on the laptop itself? If it is the pirated version and everything goes sideways, and I then try to track down a real copy of Windows 7, how can I know if it’s a “real” one or a “fake”?

      Yes, I really am that clueless. I’ve been teaching myself bits and pieces since the overly determined Windows 10 mess started, but there are still things I need to learn, so some clarification/help would be lovely.

      Thank you – your site has been a huge help to me and I really appreciate all you and the other posters do to help out the rest of us.

      • #116399

        @anonymous If you want Windows 7 or 8.1 or even 10 you can find genuine M$ copies available on GitHub.
        These are clean, direct from M$ Tech Bench, despite the appearance of the pages.
        As of posting I am unaware that you can update directly from the desktop so you might want to back up your data beforehand. It’s likely you may have to format your disk beforehand.
        You can either burn it to a CD/DVD or make a USB using RUFUS and boot from it.
        There’s a little trick with Win7: if you extract all the files using 7zip to a folder, go into Sources and delete the EI.CFG file, then either remake the .iso image, burn to disk, or even create a USB stick with RUFUS then just delete the EI.CFG file on the freshly made stick, and then boot from whatever medium you created, you will get a choice during install as to what version you get.
        As for obtaining Win7 keys I really can’t suggest much save there are cheap key options out there; as to how legal/genuine/reliable they may be I wish I could say 🙁
        If your machine has 40gb + 1.2gb RAM and a reasonably fast processor it will run Win7 all versions really quite well (mine does); if you have more, all well & good. The trick for any Windoze even since the early versions is don’t fill your HDD up with lots of stuff and it runs quite happily and fast. It even runs Win7 faster than XP ever did. Hope this has been of some help 🙂

        Edit to remove active links

      • #116404

        @anon 116384
        This MS page has information about genuine Windows OS.

        This may answer some of your questions. I found out that critical security updates are still available, even if validation doesn’t confirm a genuine copy:

        Regardless of genuine status, you’ll still be able to get critical security updates. However, if your copy of Windows isn’t genuine, you won’t be able to install many updates that are exclusively for customers with genuine Windows.

      • #116413
    • #117858