Microsoft has released MS17-010 in March to address the vulnerabilities (CVE-2017-0144 and CVE-2017-0145) that the Petya ransomware exploits to spread across networks. Consequently, BigFix has previously released the corresponding the Fixlets.
We encourage following Microsoft’s recommendations. If you have not done so, apply MS17-010 to patch the vulnerability. Otherwise apply KB2696547 to disable Microsoft Server Message Block 1.0 (SMBv1).
Note that some Fixlets related to the WannaCry vulnerability had their supersedence reversed and might show as relevant. If you have applied these Fixlets before, you do not have to apply them again.
To properly patch your device, apply the respective Fixlets for the following operating systems.
I. Security Bulletin MS17-010
KB4012212 - Windows Server 2008 R2 SP1, Windows 7 SP1
MS17-008, MS17-010, MS17-011, MS17-012, MS17-013, MS17-016, MS17-017, MS17-018, MS17-019, MS17-021, MS17-022: Security Only Quality Update - Security Only - Windows Server 2008 R2 SP1 - KB4012212 (x64) (ID: 1700631)
MS17-008, MS17-010, MS17-011, MS17-012, MS17-013, MS17-016, MS17-017, MS17-018, MS17-020, MS17-021, MS17-022: Security Only Quality Update - Security Only - Windows 7 SP1 - KB4012212 (x64) (ID: 1700633)
MS17-008, MS17-010, MS17-011, MS17-012, MS17-013, MS17-016, MS17-017, MS17-018, MS17-020, MS17-021, MS17-022: Security Only Quality Update - Security Only - Windows 7 SP1 - KB4012212 (ID: 1700635)
KB4012213 - Windows Server 2012 R2, Windows 8.1
MS17-008, MS17-009, MS17-010, MS17-011, MS17-012, MS17-013, MS17-016, MS17-017, MS17-018, MS17-019, MS17-021, MS17-022: Security Only Quality Update - Security Only - Windows Server 2012 R2 - KB4012213 (x64) (ID: 1700637)
MS17-008, MS17-009, MS17-010, MS17-011, MS17-012, MS17-013, MS17-016, MS17-017, MS17-018, MS17-021, MS17-022: Security Only Quality Update - Security Only - Windows 8.1 - KB4012213 (x64) (ID: 1700639)
MS17-008, MS17-009, MS17-010, MS17-011, MS17-012, MS17-013, MS17-016, MS17-017, MS17-018, MS17-021, MS17-022: Security Only Quality Update - Security Only - Windows 8.1 - KB4012213 (ID: 1700641)
KB4012214 - Windows Server 2012
MS17-008, MS17-009, MS17-010, MS17-011, MS17-012, MS17-013, MS17-016, MS17-017, MS17-018, MS17-019, MS17-021, MS17-022: Security Only Quality Update - Security Only - Windows Server 2012 - KB4012214 (x64) (ID: 1700643)
KB4012598 - Windows Vista SP2, Windows Server 2008 SP2, Windows 8, Windows Server 2003 SP2
MS17-010: Security Update for Microsoft Windows SMB Server - Windows Vista SP2 - KB4012598 (x64) (ID: 1701001)
MS17-010: Security Update for Microsoft Windows SMB Server - Windows Server 2008 SP2 - KB4012598 (x64) (ID: 1701003)
MS17-010: Security Update for Microsoft Windows SMB Server - Windows Server 2008 SP2 - KB4012598 (ID: 1701005)
MS17-010: Security Update for Microsoft Windows SMB Server - Windows Vista SP2 - KB4012598 (ID: 1701007)
MS17-010: Security Update for Windows SMB Server - Windows 8 - KB4012598 (ID: 1701009)
MS17-010: Security Update for Windows SMB Server - Windows 8 - KB4012598 (x64) (ID: 1701011)
MS17-010: Security update for Windows SMB Server - Windows Server 2003 SP2 - KB4012598 (x64) (ID: 1701013)
MS17-010: Security update for Windows SMB Server - Windows Server 2003 SP2 - KB4012598 (ID: 1701015)
MS17-010: Security update for Windows SMB Server - Windows XP SP2 - KB4012598 (x64) (ID: 1701017)
MS17-010: Security update for Windows SMB Server - Windows XP SP3 - KB4012598 (ID: 1701019)
KB4012606 - Windows 10
MS17-006, MS17-007, MS17-009, MS17-010, MS17-011, MS17-012, MS17-013, MS17-016, MS17-017, MS17-018, MS17-021, MS17-022: Cumulative Security Update for Windows 10 - Windows 10 - KB4012606 (ID: 401260601)
MS17-006, MS17-007, MS17-008, MS17-009, MS17-010, MS17-011, MS17-012, MS17-013, MS17-016, MS17-017, MS17-018, MS17-021, MS17-022: Cumulative Security Update for Windows 10 - Windows 10 - KB4012606 (x64) (ID: 401260603)
KB4013198 – Windows 10
MS17-006, MS17-007, MS17-008, MS17-009, MS17-010, MS17-011, MS17-012, MS17-013, MS17-016, MS17-017, MS17-018, MS17-021, MS17-022: Cumulative Security Update for Windows 10 - Windows 10 Version 1511 - KB4013198 (x64) (ID: 401319801)
MS17-006, MS17-007, MS17-008, MS17-009, MS17-010, MS17-011, MS17-012, MS17-013, MS17-016, MS17-017, MS17-018, MS17-021, MS17-022: Cumulative Security Update for Windows 10 - Windows 10 Version 1511 - KB4013198 (ID: 401319803)
MS17-006, MS17-007, MS17-008, MS17-009, MS17-010, MS17-011, MS17-012, MS17-013, MS17-016, MS17-017, MS17-018, MS17-021, MS17-022: Cumulative Security Update for Windows 10 - Windows 10 Version 1607 - KB4013429 (ID: 401342907)
KB4013429 - Windows Server 2016, Windows 10
MS17-006, MS17-007, MS17-008, MS17-009, MS17-010, MS17-011, MS17-012, MS17-013, MS17-016, MS17-017, MS17-018, MS17-021, MS17-022: Cumulative Security Update for Windows Server 2016 - Windows Server 2016 - KB4013429 (x64) (ID: 401342909)
MS17-006, MS17-007, MS17-008, MS17-009, MS17-010, MS17-011, MS17-012, MS17-013, MS17-016, MS17-017, MS17-018, MS17-021, MS17-022: Cumulative Security Update for Windows 10 - Windows 10 Version 1607 - KB4013429 (x64) (ID: 401342911)
II. KB2696547 - Windows 7, Windows 8, Windows 8.1, Windows 10, Windows Vista, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016
2696547: Disable SMBv1 in Windows and Windows Server - Disable Workaround (Disable SMB v1) - Windows 7 / Windows 8 / Windows Vista / Windows Server 2008 / Windows Server 2008 R2 / Windows Server 2012 - KB2696547 (ID: 269654703)
2696547: Disable SMBv1 in Windows and Windows Server - Disable Workaround (Remove SMB v1 completely) - Windows 8.1 / Windows 10 / Windows Server 2012 R2 / Windows Server 2016 - KB2696547 (ID: 269654707)
2696547: Disable SMBv1 in Windows and Windows Server - Enable Workaround (Disable SMB v1) - Windows 7 / Windows 8 / Windows Vista / Windows Server 2008 / Windows Server 2008 R2 / Windows Server 2012 - KB2696547 (ID: 269654701)
2696547: Disable SMBv1 in Windows and Windows Server - Enable Workaround (Remove SMB v1 completely) - Windows 8.1 / Windows 10 / Windows Server 2012 R2 / Windows Server 2016 - KB2696547 (ID: 269654705)
FAQ
Q: How do I determine if my device has been patched?
A: If your device normally receives patch from BigFix and is not relevant to the respective Fixlets listed above, your device has been patched.
Q: I suspect that my device might be missing this update. How do I verify this?
A: You can download the Microsoft Baseline Security Analyzer (MBSA) and run a scan on the target device to generate the MBSA report. If the report does not list the respective KB as missing, the device has been patched.
There is a known issue that the report might contain a bulletin number that is different from MS17-010. Use the patch’s KB number as reference to assess the report.
Q: I ran a scan to check for missing updates. The MBSA report advised that my device has been patched but the Security Only patch is installable when manually executed. Is this normal?
A: This is a known issue. Even when a monthly rollup is installed, security-only patch can be manually installed. This is attributed to Microsoft’s patch relevance algorithm. BigFix has built additional logic to work around such issues. We ensure that in cases where monthly rollup is installed, security-only patch are marked as not required or not relevant.
References:
- For Microsoft’s update post on the Petya malware attack, see http://bit.ly/2u0HThN.
- For Microsoft’s wiki entry of the Petya malware, see http://bit.ly/2u1jwAq.
- For details about Microsoft Security Bulletin MS17-010, see http://bit.ly/2qmU20t.
- For the post on using BigFix Patch to protect devices from the WannaCry ransomware, see https://ibm.co/2s4Jem8.
- For more information about the patches that Microsoft released for older, unsupported platforms, see http://bit.ly/2raS5BZ.
- For more information about the differences between Security Only and Monthly Rollup updates, see
- http://bit.ly/2bmEun0.
- To download the Microsoft Baseline Security Analyzer (MBSA), see http://bit.ly/1IJ6bkg.