Which particular updates fix the WannaCry enabling SMB "flaw"?
Which particular updates fix the SMB "flaw"?
This has been fully documented by Microsoft.
MS17-010: Security update for Windows SMB Server: March 14, 2017
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server.
To learn more about the vulnerability, see Microsoft Security Bulletin MS17-010.
The following articles contain more information about this security update as it relates to individual product versions. These articles may contain known issue information.
- 4012598 MS17-010: Description of the security update for Windows SMB Server: March 14, 2017
- 4012216 March 2017 Security Monthly Quality Rollup for Windows 8.1 and Windows Server 2012 R2
- 4012213 March 2017 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2
- 4012217 March 2017 Security Monthly Quality Rollup for Windows Server 2012
- 4012214 March 2017 Security Only Quality Update for Windows Server 2012
- 4012215 March 2017 Security Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1
- 4012212 March 2017 Security Only Quality Update for Windows 7 SP1 and Windows Server 2008 R2 SP1
- 4013429 March 13, 2017—KB4013429 (OS Build 933)
- 4012606 March 14, 2017—KB4012606 (OS Build 17312)
- 4013198 March 14, 2017—KB4013198 (OS Build 830)
Source MS17-010: Security update for Windows SMB Server: March 14, 2017
Notes:
- Microsoft has released patches for unsupported versions of Windows:
  - Download English language security updates: Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, Windows 8 x64
  - Download localized language security updates: Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, Windows 8 x64
- Microsoft has released updates to Windows Defender to detect the threat.
  - Updating your Microsoft antimalware and antispyware software contains instructions for manually updating the definitions if you don't have automatic updating enabled for Windows Defender.
Customer Guidance for WannaCrypt attacks
Today many of our customers around the world and the critical systems they depend on were victims of malicious “WannaCrypt” software. Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful. Microsoft worked throughout the day to ensure we understood the attack and were taking all possible actions to protect our customers. This blog spells out the steps every individual and business should take to stay protected. Additionally, we are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003. Customers running Windows 10 were not targeted by the attack today.
Details are below.
- In March, we released a security update which addresses the vulnerability that these attacks are exploiting. Those who have Windows Update enabled are protected against attacks on this vulnerability. For those organizations who have not yet applied the security update, we suggest you immediately deploy Microsoft Security Bulletin MS17-010.
- For customers using Windows Defender, we released an update earlier today which detects this threat as Ransom:Win32/WannaCrypt. As an additional “defense-in-depth” measure, keep up-to-date anti-malware software installed on your machines. Customers running anti-malware software from any number of security companies can confirm with their provider, that they are protected.
- This attack type may evolve over time, so any additional defense-in-depth strategies will provide additional protections. (For example, to further protect against SMBv1 attacks, customers should consider blocking legacy protocols on their networks).
We also know that some of our customers are running versions of Windows that no longer receive mainstream support. That means those customers will not have received the above mentioned Security Update released in March. Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download (see links below).
Customers who are running supported versions of the operating system (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, Windows 10, Windows Server 2012 R2, Windows Server 2016) will have received the security update MS17-010 in March. If customers have automatic updates enabled or have installed the update, they are protected. For other customers, we encourage them to install the update as soon as possible.
Source Customer Guidance for WannaCrypt attacks
Further Reading
- How is the “WannaCry” Malware spreading and how should users defend themselves from it?
- Microsoft Security Bulletin MS17-010 - Critical - Security Update for Microsoft Windows SMB Server (4013389)
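As an added example (not part of the answer above and not Microsoft's code), this Windows PowerShell function checks one or more hosts for the KB numbers that appear on this page, including the later Windows 7 rollup KB4019264 mentioned in a comment below. It assumes Windows PowerShell 3.0 or later on the machine running it and WMI access to the targets; the function name `Test-Ms17010Patch` and the status strings are hypothetical.

```powershell
# Added example. KB numbers and descriptions are copied from this page.
$Ms17010Kbs = [ordered]@{
    'KB4012598' = 'MS17-010 security update for Windows SMB Server'
    'KB4012212' = 'Windows 7 SP1 / Server 2008 R2 SP1, Security Only (March 2017)'
    'KB4012215' = 'Windows 7 SP1 / Server 2008 R2 SP1, Monthly Rollup (March 2017)'
    'KB4012213' = 'Windows 8.1 / Server 2012 R2, Security Only (March 2017)'
    'KB4012216' = 'Windows 8.1 / Server 2012 R2, Monthly Rollup (March 2017)'
    'KB4012214' = 'Windows Server 2012, Security Only (March 2017)'
    'KB4012217' = 'Windows Server 2012, Monthly Rollup (March 2017)'
    'KB4013429' = 'OS Build 933 update (March 2017)'
    'KB4012606' = 'OS Build 17312 update (March 2017)'
    'KB4013198' = 'OS Build 830 update (March 2017)'
    'KB4019264' = 'Later Windows 7 rollup, reported in a comment on this page to contain the fix'
}

function Test-Ms17010Patch {
    param([string[]]$ComputerName = $env:COMPUTERNAME)

    foreach ($computer in $ComputerName) {
        try {
            # Get-HotFix reads Win32_QuickFixEngineering on the target host.
            $installed = @(Get-HotFix -ComputerName $computer -ErrorAction Stop |
                Where-Object { $Ms17010Kbs.Contains($_.HotFixID) })
        } catch {
            [pscustomobject]@{ Computer = $computer; Status = 'QueryFailed'; Evidence = $_.Exception.Message }
            continue
        }

        if ($installed.Count -gt 0) {
            [pscustomobject]@{
                Computer = $computer
                Status   = 'ListedKbInstalled'
                Evidence = ($installed.HotFixID | Sort-Object -Unique) -join ', '
            }
        } else {
            # Not proof of exposure: a newer cumulative rollup can carry the
            # fix under a different KB number that is not in the table above.
            [pscustomobject]@{
                Computer = $computer
                Status   = 'NoListedKbFound'
                Evidence = 'Check the newest installed rollup against the Update Catalog package details'
            }
        }
    }
}

# Usage (hosts.txt is a hypothetical file with one computer name per line):
# Test-Ms17010Patch -ComputerName (Get-Content .\hosts.txt) | Format-Table -AutoSize
```

A `NoListedKbFound` result needs a manual follow-up rather than an immediate alarm, because monthly rollups replace one another and the replacement's KB number will differ from the March 2017 ones.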
dtech
Updated on September 18, 2022
Comments
-
dtech almost 2 years
When WannaCry struck a couple of days back, it was understandable that many computers did not have the SMB "flaw" patched, due to many people being discouraged due to MS's practices of pushing telemetry (or maybe just call it spyware?) and nagging or even automatic updates to W10 through the update system.
In light of that, I think it will be beneficial to point out which particular updates patch that up, so people can install them selectively.
This includes both the updates from March 14, 2017, which were released the very same day exactly one month before the EternalBlue exploit became known to the public, and the updates that were issued post the May 12 WannaCry ransomware epidemic.
-
Mathew Lionnet about 7 years
Don't turn off auto-updates. If you do not trust Microsoft, don't use Windows but, other than that staying current can't be easier. (Besides I think Win10 was never vulnerable)
-
dtech about 7 years
Thanks for the insightful advice, but the last time I did that I got "telemetred" big time. It was a workstation system, with software that doesn't run on anything other than Windows, with massive amounts of data being written on a regular basis. Telemetry is not only spyware, but lousily written at that, it choked on the massive amount of data on the system, the HDDs kept on screeching for hours and the system was so unresponsive it was practically useless and no work could be done on it. So thanks, but no, thanks! I'd rather just take it completely offline.
-
TOOGAM about 7 years
@dtech: Going offline may be an option. Another option may be to stop using Windows. Trying to use Windows, but fighting Microsoft's intended design, is likely to become an ever-increasing losing battle as Microsoft keeps changing software. For instance, I've seen a business that dislikes using Microsoft Firewall, and with recent Windows versions they experienced problems with trying to share printers. Since Microsoft really wants the user experience to be controlled, resisting that control is likely to be harder and more problematic as time goes on (when you use Microsoft).
-
dtech about 7 years
I don't think it is "fighting intended design" - Windows 7, which I am using, was not designed to run "telemetry" or force me to update to something else. It is about keeping away from their increasingly absurd whims. Imagine this, you buy a car, as it is, which you can drive anywhere. A few years later the manufacturer forces you to install a GPS tracker, forces you to run a 10 KW flashing advertisement on your rooftop, and also tells you that you can only drive your car to its store brands, and nowhere else, all for your own good. Well, I didn't pay for that.
-
dtech about 7 years
And since they don't have the courtesy to support the existing product without ruining it deliberately in the process, the next best thing is to keep them from doing it. I am working to migrate away from MS in the future, but such things take time. But for the time being, I'd like to be able to use the product I already paid for and supposedly own, without having them ruining it.
-
-
dtech about 7 years
I meant more like particular KBxxxx entries. I did some searching but did not find specific information on the subject.
-
DavidPostill about 7 years
@dtech The information was in the links I already included. I've updated the answer to directly include the KB article links.
-
szako about 7 years
If someone doesn't find KB4012212 / 5 in their update list, he can check for KB4019264, it contains the fix for MS17-010 for Win7.
-
hakre about 7 years
Localized versions for Windows XP SP3 do not work, the website provides the XPe(?) (Embedded) localized versions. Looks like there is a mistake on the download page itself as the title of the download is correct ("Windows XP SP3 (KB4012598)" microsoft.com/en-US/download/details.aspx?id=55245 - id=55245), but filename is WindowsXP-KB4012598-x86-Embedded-Custom-ENU.exe and it gives error about wrong operating system version on install. See as well bleepingcomputer.com/forums/t/646519/… - Catalog does not work with a non Windows OS.
-
DavidPostill about 7 years
@hakre Thanks, but there is nothing I can do to fix that.
-
hakre about 7 years
I know, I found some links for Win XP DE and Win 2003 DE in this (German) thread: heise.de/forum/heise-online/News-Kommentare/…
-
Matteo Conta about 7 years
Here is a link for the KB4012212 download if not present on your update history: catalog.update.microsoft.com/search.aspx?q=4012212
-
Overmind about 7 years
For Windows 7 32 and 64-bit, KB4012212 xor KB4012215 are not listed in the updates and do not install automatically. They can be installed manually from MS's update catalog. Problem: do that on thousands of computers.
-
DavidPostill about 7 years
@Overmind They were at the time of writing the answer, but have been replaced by later monthly updates, as noted in another comment
-
Overmind about 7 years
I thought so too, but I could not find information on what other updates include those too. Can you please link some info on this? Thank you. Note that installing KB4012212 or an up to date W7 system does not list the update in the updates, even if it installs.
-
DavidPostill about 7 years
@Overmind If you install the latest rollups you will also get the fixes from all previous rollups. See support.microsoft.com/en-us/help/4009469 and read the rollup links on the left.
-
Overmind about 7 years
I understand that, but there are no KB4-series updates on any of the systems, while the systems are up to date. I wanted to know which other KB3-series updates are a replacement/equivalent for the 4012212/5.
-
DavidPostill about 7 years
The Windows update catalog has that info. For example catalog.update.microsoft.com/… shows what KB3-series it replaces. Click on "package Details"