SECURITY EVANGELIST

The first step in protecting any computer against WannaCry, Uiwix and other ransomware campaigns is to apply the critical patch that Microsoft released in March 2017 (Microsoft Security Bulletin MS17-010).

eternal blue logo white

Step 1: Check this list to see if your system is exposed

This is the list of Windows software which need the update in order to close the vulnerabilities in SMBv1 and SMBv2:

  • Microsoft Windows Vista SP2
  • Microsoft Windows Server 2008 SP2 and R2 SP1
  • Microsoft Windows 7
  • Microsoft Windows 10
  • Microsoft Windows 8.1
  • Microsoft Windows RT 8.1
  • Microsoft Windows Server 2012 și R2
  • Microsoft Windows Server 2016
  • Microsoft Windows XP
  • Microsoft Windows Server 2003.

You can also use the Microsoft Baseline Security Analyzer 2.3 to scan your PC or your environment and discover which updates are missing on your endpoints. The tool also lists the missing updates by severity and potential impact. Here is a helpful guide on how to use it (text version):

We’ve also integrated Microsoft Baseline Security Analyzer 2.3 into Heimdal PRO and Hiemdal CORP, so you can install it swiftly.

Step 2: Download and install the update

Once you’ve identified the vulnerabilities in your environment, the next step is to find and apply the necessary updates. Fast.

In order to counteract the limit the widespread threat that WannaCry and Uiwix are posing, Microsoft released new Security Updates packages so that all systems will be protected against the exploit, including unsupported systems, such as Windows XP or Windows Vista.

We’ve chosen to illustrate each step by using the update for Windows 7, since it’s the operating system with the highest number of users at the moment.

  1. Go to the Microsoft Security bulletin where you’ll find links to all the links for the security update packages.
  2. Scroll down to the operating system that you are using. In our example, it was Windows 7 64bits.
  3. Click on the package you need. In our example, we used Windows 7 for x64-based Systems Service Pack 1 (4012215) Monthly Rollup. Make sure it’s the Monthly Rollup link that you choose!
  4. windows patch guide wannacry ransomware step (1)

  5.  A new window will open. Select the update for the windows version that you have and press Download.
  6. windows patch guide wannacry ransomware step (2)

  7. Click on the link that will appear after you press the Download button:
  8. windows patch guide wannacry ransomware step (3)

  9. After the download is complete, run it as you would run any other setup.
  10. It will ask you if you want to install the Windows software update. Press Yes and this will initialize the installation setup:
  11. windows patch guide wannacry ransomware step (4)

    windows patch guide wannacry ransomware step (5)

  12. At the end of the installation it will ask you to restart the computer. Restart it.
  13. To check if the installation was successful, you can go to Control Panel > Windows Updates > View update History (on the left side) and see if the Security Update for Windows is installed. It should have the current date in the Date Installed column.

windows patch guide wannacry ransomware step (6)

IMPORTANT!

If the update has already been applied or installed, then you will receive a message informing you about it.

windows patch guide wannacry ransomware step (7)

Also, make sure you follow the security alerts for WannaCry ransomware attacks and the Uiwix ransomware threat. We will keep these alerts updated at all times.

What is Ransomware
2017.05.15 SLOW READ

What is Ransomware and 15 Easy Steps To Keep Your System Protected [Updated]

uiwix ransomware bigger threat than wannacry
2017.05.14 QUICK READ

Security Alert: Uiwix Ransomware Spotted in the Wild, Could Add to WannaCry Damage [Updated]

ransomware attack wave wannacry 0D0A35
2017.05.13 INTERMEDIATE READ

Security Alert: WannaCry Leaves Exploited Computers Vulnerable to Round Two

Comments

The article you have shared here very good. This is really interesting information for me. Thanks for sharing!

Hi,
this method for updates is good, but there is another one much faster and use microsoft update cab file that are updated every day. WSUS Offline Update is using these windows update cab files to get all updates need for your operating system.

I am running Windows Vista SP2 and when I click on the downloaded patch, a window appears saying “searching for updates” and an hour later, it is still searching. Any help would be greatly appreciated.

it cannot be installed in your computer?

Is Ubuntu 16.04.2 vulnerable to ransomware?

is windows 8 vulnerable to ransomware

If not properly updated and protected, it can be.

Hi. For us with automatic updates (just cheched and there are no Available updates) and Windows 10, will this not install automatically? Or do I need to download this my self?

Windows 10 already installed this update when it came out, so no need to worry.

Hi Zaharia,

I am running windows 10 professional and running the microsoft baseline security analyzer from the heimdal patching system, it indicates that “The Automatic Updates feature has not been configured on this computer”. The link indicating how to solve the problem mentions only older systems (Windows Server 2003, Windows XP Professional, or Windows 2000, windows 2008 and windows vista). As far as I understood, windows 10 automatically updates. Do I have to worry on this message on vulnerability/how do I solve the problem if it is a problem at all?
Thank you

Hi Raoul!

If you have Windows 10, you already have this update installed, so no need to worry. But it helps to have multiple layers of protection anyway, even if this particular vulnerability is patched.

For windows 8.1 only a win32 patch and amd64 patch exist, right? Tried both cause the amd64 might be a typos but neither worked with windows 8.1 64bit (intel).

A red box said IT CANNOT BE INSTALLED ON YOUR COMPUTER( W10)
(Opdateringen kan ikke anvendes på din computer)

Sorry to hear that, but you’d have to check with Microsoft to see why that is. Please consider the requirements on this page: https://www.microsoft.com/en-us/download/details.aspx?id=7558

DoktorThomas™ on May 17, 2017 at 6:43 pm

The security analyzer, like most errorware from MSFT, is essentially useless. If one blurs his IPS, how can the scanner be directed to scan one’s 23 active computers?
Microsoft removes logic and insightfulness then ignores actual user approach when it writes any software. Add to that a fundamental flaw in the winOS services allocation system that is unfixed and all winOS’s remain insecure. I can’t understand why anyone uses any MSFT errorware. Someone needs to write another OS.

Microsoft states windows vesions higher than 8.0 are NOT supported by the analyzer; so how am I supposed to analyze my platform

Unfortunately, David, this is something we cannot fix. We wish this version worked for all operating systems, but the limitations don’t depend on us.

Flemming Hansen on May 17, 2017 at 2:31 pm

I am really puzzled about the Microsoft Baseline Security Analyzer 2.3. It seems to be an outdated tool covering only up to Windows 8.1. Windows 10 is not covered, and the advice given by the tool following an analysis run are almost useless, as the Control Panel is configured differently in Windows 10 than in previous Windows versions. E.g. it says that my laptop has four user accounts (my own, Admin, Default and Guest) , 3 of which has weak passwords, but the Control Panel/Computer Management does not cover User Accounts and the Control Panel/User Accounts section shows only one (my own). So I find the Microsoft Baseline Security Analyzer 2.3 to be of only marginal benefit to windows 10 users.

As much as we wish we had a solution for everyone, unfortunately, it doesn’t depend on us. Indeed, Windows 8 and Windows 10 users have to follow the manual approach to verifying updates.

In step 1 above you have missed out Windows 10, which is vulnerable according to the Microsoft website: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx. By leaving Windows 10 off your list you could leave users thinking they are safe when they are not.

Hi Dave! Indeed, sorry for that. I’ve updated the list to include Windows 10.

Great article Andra !
Just one comment, my win 7 x64 already had the update installed, but the message was not like the one you posted, it just said something like “This update can’t run on this PC”, no more explanation
/Preben

Hi Preben! The notification might be different on various Windows versions. This is the one we tested it on. The important thing is to have the update installed, so kudor to you for doing that!

hey does it need to be online?

Hi Paul! Yes, you will have to be online to do this.

Leave a Reply

Your email address will not be published. Required fields are marked *

GO TO TOP