Home | Site Map | Cisco How ToNet How To | Wireless |Search | Forums | Services | Donations | Careers | About Us | Contact Us|

what patches do we need for 2012 R2 to prevent WannaCry

Permissions, Group Policy, IPSec, Virus, Spam, Spyware, Malware.

what patches do we need for 2012 R2 to prevent WannaCry

Postby chicagotech » Mon May 15, 2017 10:23 pm

When checking our Windows 2012 R2 update, I don't see critical SMB remote code execution vulnerability (CVE-2017-0148) for which Microsoft has already released a patch (MS17-010). To prevent WannaCry, what do we need to install?
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
chicagotech
Site Admin
 
Posts: 6920
Joined: Mon Nov 27, 2006 1:24 pm
Location: Chicago USA

Re: what patches do we need for 2012 R2 to prevent WannaCry

Postby chicagotech » Mon May 15, 2017 10:24 pm

To prevent WannaCry on Windows Server 2012R2, the order for hotfix installation is:

kb3021910 (no restart needed) -> kb2919355 -> kb4012213.

If the update fails to install, we can temporarily disable SMBv1 as one workaround:

<Disable SMBv1 >

1.Open Server Manager and then click the Manage menu and select Remove Roles and Features.

2.In the Features window, clear the SMB1.0/CIFS File Sharing Support check box, and then click OK to close the window.

3.Restart the system.

Impact: The SMBv1 protocol will be disabled on the target system.

In addition, please also follow:

(1) The priority is that your anti-virus can detect the malware. Verify that you have up-to-date signatures.

(2) Make sure that users have the level of knowledge required to never click on suspicious attachments even if they are displayed with a familiar icon (office or PDF document). Where an attachment opening offers the execution of an application, users must under no circumstances accept execution and in doubt, users should you consult and/or consult the competent computer.

Another reference share with you: https://blogs.technet.microsoft.com/msr ... t-attacks/
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
chicagotech
Site Admin
 
Posts: 6920
Joined: Mon Nov 27, 2006 1:24 pm
Location: Chicago USA

Re: what patches do we need for 2012 R2 to prevent WannaCry

Postby chicagotech » Tue May 16, 2017 10:36 am

Simply, disable SMBv1 on all servers
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
chicagotech
Site Admin
 
Posts: 6920
Joined: Mon Nov 27, 2006 1:24 pm
Location: Chicago USA

Re: what patches do we need for 2012 R2 to prevent WannaCry

Postby chicagotech » Tue May 16, 2017 2:51 pm

Protection Recommendations
• Install Microsoft security patches that eliminate the vulnerability exploited by WannaCry.
o These patches were issued for newer versions of Windows in March.
o Microsoft has also taken the unprecedented step of issuing a patch for Windows XP, an old operating system that Microsoft no longer supports on a regular basis but is doing so in this critical situation.
• Engage the IT security team to back up critical data, so that even if data is locked up, there are copies elsewhere, to which a company can turn.
• If they have not done so already, IT security teams should deploy antivirus and malware signatures associated with the threat. The Department of Homeland Security’s cyber operations center has posted these signatures. (TierPoint can facilitate interaction with government authorities, if clients are interested.)
• If they have not done so already, clients should formulate a ransomware incident response plan, so their company is ready to spring into action if its systems are hit.
o The law firm of Paul Hastings can help develop these plans, if clients do not have another resource.
o These plans should consider whether or not to pay ransom; whether and how to interact with law enforcement and regulators; a process to restore operations; and public and customer communication actions.
• Consider requiring all employees with email access to refresh themselves on counter-phishing training.
o Over the weekend, a security researcher identified a “kill switch” that partially stopped WannaCry’s spread.
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
chicagotech
Site Admin
 
Posts: 6920
Joined: Mon Nov 27, 2006 1:24 pm
Location: Chicago USA

Re: what patches do we need for 2012 R2 to prevent WannaCry

Postby blin » Wed May 24, 2017 11:07 am

The Prerequisite for the hotfix:
•For win 8 / 8.1 / 2012 / 2012 r2, kb2919355

Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 update: April 2014

https://support.microsoft.com/en-us/hel ... april-2014

the kb2919355 has prerequisites on kb2919442 as:

2919442 A servicing stack update is available for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2: March 2014

https://support.microsoft.com/en-us/hel ... er-2012-r2

However, the kb2919442 are superseded by kb3021910 on win 2012 r2.

April 2015 servicing stack update for Windows 8.1 and Windows Server 2012 R2

https://support.microsoft.com/en-us/hel ... er-2012-r2

so on windows 2012 r2, the order for hotfix installation is:

kb kb3021910 (no restart needed) -> kb2919355 -> MS17-010.
How to Configure and Troubleshoot Cisco
http://www.howtocisco.com

Tablet and Smartphone Setup Guide
http://www.quicksetupguide.com
blin
Site Admin
 
Posts: 3636
Joined: Wed Dec 31, 1969 7:00 pm
Location: Chicago, USA


Return to Security

Your Ad Here

Who is online

Users browsing this forum: No registered users and 1 guest