Ransomware Attack – How to verify if your devices are fully protected against WannaCry Ransomware

Posted on May 15, 2017 by brianmackie

This is an advisory post to help you confirm if your Windows devices are protected from the current ransomware attack, by having the critical Windows patch installed.

We’ve published a knowledge base article that explains in specific steps how to use Patch Management in the RMM Dashboard to check if your devices are protected – please see:

https://support.solarwindsmsp.com/kb/msp_rmm_(saas)/How-to-verify-if-your-devices-are-fully-protected-against-WannaCry-Ransomware

We’ve devised the list of Windows cumulative updates that contain the MS17-010 patch, which is listed below.

To determine if a cumulative update is superseded or not, you can use the Microsoft Update Catalog:

  1. Go to http://www.catalog.update.microsoft.com
  2. Search for one of the patches below (for example KB4015549)
  3. In the list of results, select the relevant OS version
  4. In the popup window, click the Package Details Tab, and view the box entitle ‘This update has been replaced by the following updates:’
  5. Click on any link in that box, to open the more recent patch
  6. Repeat steps 4 and 5 until This update has been replaced by the following updates shows N/A. The patch which shows N/A is the most recent cumulative update.

Following the above process we have established that the critical MS17-010 patch is bundled into these KBs, grouped by OS. If your device has one of these updates, it will have the essential MS17-010 patch as well.

Patches broken down by Operating System then by KB number:

  • Windows XP SP3 32-bit, Windows XP SP2 64-bit, Windows Server 2003 SP2 32-bit and 64-bit, Windows Vista SP2 32-bit and 64-bit, Server 2008 SP2 32-bit and 64-bit:
    • KB4012598
  • Windows 7 SP1 32-bit and 64-bit, Windows Server 2008 R2 SP1 64-bit:
    • KB4012212
    • KB4012215
    • KB4015549
    • KB4019264
  • Windows 8.1 32-bit and 64-bit, Windows Server 2012 R2:
    • KB4012213
    • KB4012216
    • KB4015550
    • KB4019215
  • Windows Server 2012:
    • KB4012214
    • KB4012217
    • KB4015551
    • KB4019216
  • Windows 10 32-bit and 64-bit:
    • KB4012606
    • KB4015221
    • KB4016637
    • KB4019474
  • Windows 10 version 1511 32-bit and 64-bit:
    • KB4013198
    • KB4015219
    • KB4016636
    • KB4019473
  • Windows 10 version 1607 32-bit and 64-bit, Windows Server 2016 64-bit:
    • KB4013429
    • KB4015217
    • KB4015438
    • KB4016635
    • KB4019472

 

This entry was posted in N-sight. Bookmark the permalink.