Well, it’s a very exciting day in IT. Or terrifying, depending on your perspective.
Just last week I hosted an educational event that posed the idea that you could be fired for not accelerating your migration to Windows 10. That’s not without reason – you can’t survive in the new world of patch compliance if you aren’t using the current branch of everything (Windows, tools, applications).
For a little background, today we witnessed a large-scale global ransomware attack, known as Wcry (or WannaCry), built on an (*ahem*) allegedly nation-state sourced exploit known as EternalBlue. Here are the broad strokes:
- It is a self-propagating ransomware payload based on the EternalBlue exploit
- The vulnerability is mitigated by MS17-010 released in March 2017
- All supported (mainstream or extended) versions of Windows and Windows Server are affected
How this is going to get sysadmins fired is CIOs finding out the vulnerability was patched in March. You know, like 2 months ago.
What did your April patch compliance report show for MS17-010?
Right now there are only two types of people in this world. Let’s see what you should expect based on which one you are.
I’ve been infected. What can I do?
- Forget change control exists, and deploy MS17-010 immediately. Everywhere. To everything running Windows. Even remote computers. Even the CEO’s computer.
- Disable SMBv1 at endpoints
- Force update of endpoint protection definitions / engine everywhere
- Take appropriate steps at your network perimeter
- Restore or re-provision infected endpoints
- Throw your Windows XP computers into the Sun, or a nearby gorge
- Double-check your compliance reports and prepare for Monday’s super awesome status meeting
- Modernize your systems management toolsets
- Migrate to Windows 10
- Eat, sleep and implement Critical Security Controls
- Shorten your patch compliance window to less than 30 days
- Implement complementary vulnerability management solutions to verify your patch solution’s reported compliance
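The last two items in the list above, a patch window under 30 days and an independent check on what the patch tool reports, can be combined into one reconciliation. The following is an added example, not code from the original post: the host names, CSV column names and status values are constructed, and the exact release day (14 March) is an assumption, since the post only says March 2017.

```python
import csv, io
from datetime import date

BULLETIN = "MS17-010"
RELEASED = date(2017, 3, 14)   # assumption: the post only says "March 2017"
WINDOW_DAYS = 30               # the post's target: compliant in under 30 days
# Constructed sample exports (hypothetical hosts, columns and status values).
PATCH_TOOL_CSV = """host,bulletin,status,installed
ws-001,MS17-010,installed,2017-03-20
ws-002,MS17-010,installed,2017-05-02
ws-003,MS17-010,installed,2017-03-22
srv-db1,MS17-010,missing,
"""
SCANNER_CSV = """host,bulletin,finding
ws-001,MS17-010,not_vulnerable
ws-002,MS17-010,not_vulnerable
ws-003,MS17-010,vulnerable
srv-db1,MS17-010,vulnerable
kiosk-xp,MS17-010,vulnerable
"""

def load(text, bulletin=BULLETIN):
    """Index one CSV export by lower-cased host name for the given bulletin."""
    rows = csv.DictReader(io.StringIO(text))
    return {r["host"].strip().lower(): r for r in rows if r["bulletin"] == bulletin}

def reconcile(patch_csv, scanner_csv):
    """Classify every host seen by either the patch tool or the scanner."""
    patch, scan = load(patch_csv), load(scanner_csv)
    report = {}
    for host in sorted(set(patch) | set(scan)):
        p, s = patch.get(host), scan.get(host)
        if p is None:
            report[host] = "unmanaged"        # scanner sees it, patch tool does not
        elif p["status"] != "installed":
            report[host] = "missing"
        elif s is None:
            report[host] = "unverified"       # no independent confirmation
        elif s["finding"] == "vulnerable":
            report[host] = "false_compliant"  # tool says patched, scanner disagrees
        elif (date.fromisoformat(p["installed"]) - RELEASED).days >= WINDOW_DAYS:
            report[host] = "late"             # patched, but outside the window
        else:
            report[host] = "ok"
    return report

if __name__ == "__main__":
    for host, state in reconcile(PATCH_TOOL_CSV, SCANNER_CSV).items():
        print(f"{host:10} {state}")
```

Only hosts classified `ok` count toward a compliance figure you can defend; `unmanaged` and `false_compliant` are the ones a patch tool's own report will never show.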
I don’t know I’ve been infected.
- Yes, you have. Avoid the CSO, see advice above.
PS – There’s likely nobody that’s not going to be infected. In only a few hours, nearly 100 countries have been affected.
PPS – If you have 100% patch compliance and you can prove it, I will buy you a