WannaCry – RansomWare – Patching MS Windows 2003 / Windows XP

Background

I have some Windows XP and Windows 2003 boxes in my Lab.

Since they are very vulnerable to the SMB vulnerability exploited by WannaCry, let us go patch them.

 

KB4012598

The fix for Windows XP and Windows 2003 is packaged as KB4012598.

 

Download URL

The patch is available at:

  1. Windows 2003
    • Security Update for Windows Server 2003 ( KB 4012598)
      Link

Download Patch

Browser Choice

Internet Explorer

On the Windows 2003 box, I launched IE and tried downloading the patch for Windows 2003.

Again, here is the URL attempted.

Chrome

Chrome showed the contents and offered a download button, and I was able to download the patch successfully.

 

Apply Patch

Outline

  1. Access Saved Folder
  2. Launch downloaded file
    • As this is a downloaded file, you are prompted as to whether it is OK to run the file
    • On the Welcome screen, click the Next button
    • On the “License Agreement” screen, choose the “I Agree” button
    • Keep an eye on the “Updating Your System” screen

Images

Images – Open File – Security Warning

Images – Welcome

Images – License Agreement

Images – Updating Your System

 

Review Applied Patches

Let us review Applied patches.

Outline

  1. Launch Control Panel
  2. Access the Add and Remove Programs applet
  3. Stay and choose the “Change or remove Programs” group box
    • Choose to “Show updates”
    • In the “Sort By” drop-down, choose Name
    • Review entries listed under “Windows Server 2003 – Software Updates”
    • Before applying patch
      • The last update was on Sept 7th, 2015
    • Post applying patch
      • Last applied patch: KB 4012598
      • Patch applied on May 19th, 2017
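
The same review can be scripted instead of read off Add or Remove Programs. The following is an added example, not part of the original post: it assumes Windows PowerShell 3.0 or later on a separate admin workstation with WMI access to the lab machines, and the host names are placeholders.

```powershell
# Added example (not from the original post): confirm KB4012598 on lab hosts
# by querying Win32_QuickFixEngineering through Get-HotFix.
$kb    = 'KB4012598'
$hosts = 'LAB-W2K3-01', 'LAB-XP-01'   # placeholder names, replace with your own

$report = foreach ($h in $hosts) {
    try {
        # Pull the full hotfix list and filter locally: Get-HotFix -Id raises an
        # error when the ID is absent, which would look like a failed query.
        # -ErrorAction Stop sends unreachable / access-denied hosts to catch.
        $fixes = @(Get-HotFix -ComputerName $h -ErrorAction Stop)
        $hit   = $fixes | Where-Object { $_.HotFixID -eq $kb } | Select-Object -First 1

        if ($hit) { $status = 'Patched' } else { $status = 'MISSING' }
        [pscustomobject]@{
            Host    = $h
            Patch   = $kb
            Status  = $status
            Updates = $fixes.Count   # total entries returned, as a sanity check
        }
    }
    catch {
        # A host we could not query is reported separately from an unpatched one.
        [pscustomobject]@{
            Host    = $h
            Patch   = $kb
            Status  = 'UNKNOWN (' + $_.Exception.Message + ')'
            Updates = $null
        }
    }
}

$report | Format-Table -AutoSize -Wrap
```

A host reported as UNKNOWN has not been verified either way and still needs the manual review described above.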

Images

Image – Before

Image – Before – Top

Image – Before – Bottom

 

 

Image – After

 

Additional Reading

As always there is an awful lot of commentary out there:

  1. Talos
    • Martin Lee, Warren Mercer, Paul Rascagneres, and Craig Williams
      • Player 3 Has Entered the Game: Say Hello to ‘WannaCry’
        Link
  2. Lawrence Abrams
    • Bleeping.com
      • How to remove the WannaCry & Wana Decryptor Ransomware
        Link
  3. Comae.io
    • Matt Suiche, Hacker, Microsoft MVP, Founder of @comaeio — Co-Founder of @CloudVolumes (now @VMWare)
      • WannaCry — The largest ransom-ware infection in History
        Link
  4. United States Computer Emergency Readiness Team ( US-CERT )
    • Indicators Associated With WannaCry Ransomware – Alert (TA17-132A)
      Link

 
