WannaCry  – RansomWare – Patching MS Windows 2003 / Windows XP


I have some Windows XP and Windows 2003 boxes in my Lab.

And, since they are very vulnerable to SMB vulnerability exploited by Wanna Cry, let us go patch them.



The fix for Windows XP and Windows 2003 is packaged as KB4012598.


Download URL

The patch is available @

  1. Windows 2003
    • Security Update for Windows Server 2003 ( KB 4012598)

Download Patch

Browser Choice

Internet Explorer

On Windows 2003 box, launched IE and tried downloading patch for Windows 2003.

Agin, here is the URL attempted.


Chrome show contents, avails download button, and was able to successfully download.


Apply Patch


  1. Access Saved Folder
  2. Launch downloaded file
    • As this is a downloaded file, prompted as to whether it is OK to run file
    • On the Welcome screen, click the Next button
    • On the “License Agreement” screen, choose the “I Agree” button
    • Keep an eye on the “Updating Your System” screen


Images – Open File – Security Warning

Images – Welcome

Images – License Agreement

Images – Updating Your System


Review Applied Patches

Let us review Applied patches.


  1. Launch Control Panel
  2. Access the Add and Remove Programs applet
  3. Stay and choose the “Change or remove Programs” group box
    • Choose to “Show updates”
    • In the “Sort By” drop-down, choose Name
    • Review entries listed under “Windows Server 2003 – Software Updates
    • Before applying patch
      • The last update was in Sept 7th, 2015
    • Post applying patch
      • Last applied Patch KB 40122598
      • Patch applied on May 19th, 2017


Image – Before

Image – Before – Top

Image – Before – Bottom



Image – After


Additional Reading

As always there is an awful lot of commentary out there:

  1. Talos
    • Martin Lee, Warren Mercer, Paul Rascagneres, and Craig Williams
      • Player 3 Has Entered the Game: Say Hello to ‘WannaCry’
  2. Lawrence Abrams
    • Bleeping.com
      • How to remove the WannaCry & Wana Decryptor Ransomware
  3.  Comae.io
    • Matt Suiche, Hacker, Microsoft MVP, Founder of @comaeio — Co-Founder of @CloudVolumes (now @VMWare)
      • WannaCry — The largest ransom-ware infection in History
  4. United States Computer Emergency Readiness Team ( US-CERT )
    • Indicators Associated With WannaCry Ransomware – Alert (TA17-132A)


Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s