
Thursday, June 15, 2017

Why Windows 7 users still need to worry about WannaCry ransomware






Despite patches for older systems, millions of Windows 7 users could still be unprotected from the worldwide WannaCry attacks.



If you haven't yet heard about the WannaCry ransomware worm that's wreaking havoc on PCs around the globe, we guess you're an Eastern mystic just aroused from weeks of deep meditation.
The malware that locks up data files on infected computers and demands Bitcoin payments for their safe release has lit up news sites as fast as it is shutting down computers. There's plenty of good advice on offer about how to defend yourself, but one user group is at particular risk. If you're running Windows 7, it's time to take a close look at your machine.
Microsoft recognised the security hole that WannaCry exploits last March, and promptly released security bulletin MS17-010, explaining that there were flaws in its SMB network protocol.


The ransom screen for WannaCry could still hit users on unpatched systems.










In Microsoft-speak, it announced that "the most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 server." That's exactly what WannaCry does.
The company immediately released security updates for affected operating systems including, unusually, versions that are out of their technical support period like Windows XP and Windows 8.0.
The vulnerability was considered so serious that they relented from their normal policy, "you're out of support, so you're out of luck", and provided a solution.
If your Windows XP, Vista, 8.0, Server 2003 or Server 2008 machine hasn't been updated, visit the Microsoft Update Catalog online and search for KB4012598. A standalone fix is available for download.
But you won't find a patch on that page for Windows 7 machines, because that's still under support. Microsoft expects Win 7 units to protect themselves automatically, relying on its Windows Update feature.








How the WannaCry malware works.
The problem is that some Windows 7 installations mysteriously stop updating, and can be hard to kickstart again. We've already seen several desktops where a check of the update history discloses that patches haven't been applied since well before March 2017.
For pirated copies of the operating system, this is an expected behaviour. But it can happen with legitimate versions too.
As always, good folks have posted plenty of advice on how to fix the problem, like deleting various update files that might have become corrupted and allowing Windows to automatically rebuild them.
Sometimes, you find a solution that restores normal update operation. Sometimes, the problem remains intractable. So you have a Windows 7 PC that is a sitting target for WannaCry and any other similar exploits that happen down the highway.
What can you do to mitigate risk, when some experts claim that an exposed machine might be infected at any moment?

How to react

Of course, you can remove it from service or at least disconnect it from the internet and any other network, and immediately copy important data to removable storage that you then disconnect. That at least limits the damage. But you might not have that option.
If you have any backups, hold on to them – especially ones that were created before this year. Even if you were infected early, a December 2016 backup is likely to be clean. And make a current backup as well.
In a situation like this, there's no such thing as too many backups.
Ensure that your antivirus software is up to date and run a full scan. All the major products now detect WannaCry, so you can minimise your risk even though your underlying operating system is still vulnerable.
With the comfort that you're not currently infected, head back to the Microsoft Update Catalog and search for KB4012215, where you will find a downloadable version of Microsoft's March patch for Windows 7.
Naturally, try installing it, and give a little cheer if it completes. In many cases where Windows 7 refuses to cooperate with the automated Windows Update feature, it won't complete manually downloaded patches either, but it's worth a try.
Consider upgrading the machine to Windows 10, which already uses a more secure version of SMB. If your hardware handles it, Win 10 is a better option anyway.
If Win 10 is not an option and you still want even more protection for an unpatchable Windows 7 PC, it often does no harm to switch off SMB 1.0 completely.
Search "Microsoft SMB 1.0 deactivate" for instructions from Microsoft Support.
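The three things this article tells you to look at (whether the March patch is listed, when an update last installed, and whether SMB 1.0 is still switched on) can be read in one pass. The PowerShell below is an added example, not part of the original article: the function name and the 1 March 2017 cut-off are assumptions, and the SMB1 registry value is the one Microsoft Support documents for the SMB 1.0 server on Windows 7.

```powershell
# Added example: read-only audit for a Windows 7 PC. It changes nothing.
# Written for PowerShell 2.0, the version that ships with Windows 7.

$PatchKb    = 'KB4012215'                     # March patch for Windows 7 named in the article
$Cutoff     = New-Object DateTime 2017, 3, 1  # assumed cut-off: start of March 2017
$SmbKeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Ms17010Exposure {   # hypothetical helper name
    $hotfixes = @(Get-HotFix -ErrorAction SilentlyContinue)

    # Is the March patch itself listed as installed?
    $hasPatch = @($hotfixes | Where-Object { $_.HotFixID -eq $PatchKb }).Count -gt 0

    # Most recent install date; some entries carry no date, so skip those.
    $dated = @($hotfixes | Where-Object { $_.InstalledOn } | Sort-Object InstalledOn)
    $lastInstall = $null
    if ($dated.Count -gt 0) { $lastInstall = $dated[-1].InstalledOn }

    # SMB 1.0 server switch: value absent or non-zero = enabled, 0 = disabled.
    $smb1 = (Get-ItemProperty -Path $SmbKeyPath -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    $smb1Enabled = ($smb1 -ne 0)

    if ($hasPatch) {
        $status = 'March patch installed'
    } elseif (($lastInstall -eq $null) -or ($lastInstall -lt $Cutoff)) {
        # The failure the article describes: updating stopped before the fix shipped.
        $status = 'Updates stalled before March 2017: treat as unpatched'
    } else {
        # Later Windows 7 rollups are cumulative, so the fix may be present
        # under a newer KB number; confirm in the update history.
        $status = 'March patch not listed: check for a later rollup'
    }

    New-Object PSObject -Property @{
        Computer          = $env:COMPUTERNAME
        MarchPatchListed  = $hasPatch
        LastUpdateInstall = $lastInstall
        Smb1ServerEnabled = $smb1Enabled
        Status            = $status
    } | Select-Object Computer, MarchPatchListed, LastUpdateInstall, Smb1ServerEnabled, Status
}

Get-Ms17010Exposure | Format-List
```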
There are a vast number of Windows 7 systems still in service and a proportion of these just won't update, but that's no reason to trust in sheer luck when it comes to WannaCry.
