Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Microsoft - Customer Guidance for WannaCrypt attacks

16 May 2017   #1
Brink

64-bit Windows 10 Pro
 
 
Microsoft - Customer Guidance for WannaCrypt attacks

Quote:
Microsoft solution available to protect additional productsToday many of our customers around the world and the critical systems they depend on were victims of malicious “WannaCrypt” software. Seeing businesses and individuals affected by cyberattacks, such as the ones reported today, was painful. Microsoft worked throughout the day to ensure we understood the attack and were taking all possible actions to protect our customers. This blog spells out the steps every individual and business should take to stay protected. Additionally, we are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003. Customers running Windows 10 were not targeted by the attack today.

Details are below.
  • In March, we released a security update which addresses the vulnerability that these attacks are exploiting. Those who have Windows Update enabled are protected against attacks on this vulnerability. For those organizations who have not yet applied the security update, we suggest you immediately deploy Microsoft Security Bulletin MS17-010.
  • For customers using Windows Defender, we released an update earlier today which detects this threat as Ransom:Win32/WannaCrypt. As an additional “defense-in-depth” measure, keep up-to-date anti-malware software installed on your machines. Customers running anti-malware software from any number of security companies can confirm with their provider, that they are protected.
  • This attack type may evolve over time, so any additional defense-in-depth strategies will provide additional protections. (For example, to further protect against SMBv1 attacks, customers should consider blocking legacy protocols on their networks).
We also know that some of our customers are running versions of Windows that no longer receive mainstream support. That means those customers will not have received the above mentioned Security Update released in March. Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download (see links below).

Customers who are running supported versions of the operating system (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, Windows 10, Windows Server 2012 R2, Windows Server 2016) will have received the security update MS17-010 in March. If customers have automatic updates enabled or have installed the update, they are protected. For other customers, we encourage them to install the update as soon as possible.

This decision was made based on an assessment of this situation, with the principle of protecting our customer ecosystem overall, firmly in mind.

Some of the observed attacks use common phishing tactics including malicious attachments. Customers should use vigilance when opening documents from untrusted or unknown sources. For Office 365 customers we are continually monitoring and updating to protect against these kinds of threats including Ransom:Win32/WannaCrypt. More information on the malware itself is available from the Microsoft Malware Protection Center on the Windows Security blog. For those new to the Microsoft Malware Protection Center, this is a technical discussion focused on providing the IT Security Professional with information to help further protect systems.

We are working with customers to provide additional assistance as this situation evolves, and will update this blog with details as appropriate.

Update 5/22/2017: Today, we released an update to the Microsoft Malicious Software Removal Tool (MSRT) to detect and remove WannaCrypt malware. For customers that run Windows Update, the tool will detect and remove WannaCrypt and other prevalent malware infections. Customers can also manually download and run the tool by following the guidance here. The MSRT tool runs on all supported Windows machines where automatic updates are enabled, including those that aren’t running other Microsoft security products.

See: KB890830 Windows Malicious Software Removal Tool 5.48 - May 2017 - Windows 7 Help Forums

Phillip Misner, Principal Security Group Manager Microsoft Security Response Center

Further resources:
Download English language security updates: Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, Windows 8 x64

Download localized language security updates: Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, Windows 8 x64

General information on ransomware: https://www.microsoft.com/en-us/secu...ansomware.aspx

MS17-010 Security Update: https://technet.microsoft.com/en-us/.../ms17-010.aspx


Source: Customer Guidance for WannaCrypt attacks MSRC


See also: WannaCrypt ransomware worm targets out-of-date systems Windows Security


My System SpecsSystem Spec
.
16 May 2017   #2
antioch

Windows 7 Professional SPI 64bit
 
 

Hi Brink
I dont see one for WIN7 in the above list - was it included in the security only KB4012212 for March 2017?
Antioch
My System SpecsSystem Spec
16 May 2017   #3
Brds7t7

Windows 7 Pro & Ultimate (64-Bit) Retail, Windows 8.1 Pro (64-Bit) Retail
 
 

Quote   Quote: Originally Posted by antioch View Post
Hi Brink
I dont see one for WIN7 in the above list - was it included in the security only KB4012212 for March 2017?
Antioch
Hi Antioch,
if you installed either the March quality rollup or the March Security-only update then you're patched against that variant of Wannacrypt. I'm sure there will be more variations of it popping up in future though.

Be sure to keep all your security software (Anti-Virus/Malware) up to date. Another good piece of software I use is CryptoPrevent which is specifically designed to protect against Ransomware. There are also free Anti-Ransomware programs from other vendors, such as BitDefender.
My System SpecsSystem Spec
.

16 May 2017   #4
Brink

64-bit Windows 10 Pro
 
 

My System SpecsSystem Spec
17 May 2017   #5
FerchogtX

Microsoft Windows 7 Home Premium SP1 64-bit Build 7600 / Microsoft Windows XP Professional SP3
 
 

Correct me if I'm wrong, but, isn't this worm specifically (if not mainly) designed for enterprises? Not to make this less important, but seems they are more at risk than home users as far as I tell...

Anyway, just patched both my W7 machines, and installed the cumulative update for the W10 one...
My System SpecsSystem Spec
17 May 2017   #6
z3r010

 

No, it's for any vulnerable machine.
My System SpecsSystem Spec
17 May 2017   #7
FerchogtX

Microsoft Windows 7 Home Premium SP1 64-bit Build 7600 / Microsoft Windows XP Professional SP3
 
 

Quote   Quote: Originally Posted by z3r010 View Post
No, it's for any vulnerable machine.
Gotcha, thanks a bunch
My System SpecsSystem Spec
17 May 2017   #8
antioch

Windows 7 Professional SPI 64bit
 
 

Many thanks to Brds and Brink for confirming. I have KB4012212 installed.

Antioch
My System SpecsSystem Spec
Reply

 Microsoft - Customer Guidance for WannaCrypt attacks




Thread Tools




Similar help and support threads
Thread Forum
New policy and guidance for Microsoft Enterprise Agreement customers
Source: Another step in licensing transformation: new policy and guidance for Enterprise Agreement customers - Microsoft Volume Licensing Blog - Site Home - TechNet Blogs
News
Microsoft Customer support gone wrong
Hi there. I went to the support page for Office but when you must key in the product ID it does not accept the ID. The reason as to why it is doing this: it is asking for the Windows OS product key and not the Office key. Of course if I do key in my OS key, it being an OEM version, it will prompt...
Microsoft Office
Microsoft Office 2013 Customer Preview Released
Download Office 2013 Customer Preview Today Office 2013 Preview Resource Kit Deployment guide for Office 2013 Preview Download Link : Microsoft Office Customer Preview Office 2013 Serial Key - Get your Serial key here
News
Microsoft Office 2013 Customer Preview
Download Office 2013 Customer Preview Today Office 2013 Preview Resource Kit Deployment guide for Office 2013 Preview Download Link : Microsoft Office Customer Preview Office 2013 Serial Key - Get your Serial key here
Microsoft Office
Microsoft Customer Satisfaction Improves, Likely due to Win7
More...
News


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 12:53.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App