Well, it’s a very exciting day in IT. Or terrifying, depending on your perspective.
Just last week I hosted an educational event that posed the idea that you could be fired for not accelerating your migration to Windows 10. That’s not for no reason: you can’t survive in the new world of patch compliance if you aren’t using the current branch of everything (Windows, tools, applications).
For a little background, today we witnessed a large-scale global ransomware attack, known as Wcry (or WannaCry), using an (*ahem*) allegedly nation-state sourced exploit known as Eternalblue. Here are the broad strokes:
It is a self-propagating ransomware payload based on the Eternalblue exploit
The vulnerability is mitigated by MS17-010 released in March 2017
All supported (mainstream or extended) versions of Windows and Windows Server are affected
How this is going to get sysadmins fired is CIOs finding out the vulnerability was patched in March. You know, like 2 months ago.
What did your April patch compliance report show for MS17-010?
Right now there are only two types of people in this world. Let’s see what you should expect based on which one you are.
I’ve been infected. What can I do?
Forget change control exists, and deploy MS17-010 immediately. Everywhere. To everything running Windows. Even remote computers. Even the CEO’s computer.
Disable SMBv1 at endpoints
Force update of endpoint protection definitions / engine everywhere
Take appropriate steps at your network perimeter
Restore or re-provision infected endpoints
Throw your Windows XP computers into the Sun, or a nearby gorge
Double-check your compliance reports and prepare for Monday’s super awesome status meeting
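For the "Disable SMBv1 at endpoints" step above, here is one way to audit and then turn off SMBv1 on a single machine. This is an added example, not part of the original post. The `-AuditOnly` switch is a hypothetical parameter of this script, and it assumes an elevated PowerShell session.

```powershell
# Added example: audit and disable SMBv1 on the local endpoint. Run elevated.
# -AuditOnly is a hypothetical switch of this script, not a Windows option.
param([switch]$AuditOnly)

$lanmanServer  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$mrxsmb10      = 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10'
$hasSmbCmdlets = [bool](Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue)

# Server side: the SMB listener other machines connect to.
if ($hasSmbCmdlets) {
    # Windows 8 / Server 2012 and later ship the SmbShare cmdlets.
    $serverEnabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
} else {
    # Windows 7 / Server 2008 R2: a missing SMB1 value means enabled (the default).
    $value = (Get-ItemProperty -Path $lanmanServer -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    $serverEnabled = ($null -eq $value) -or ($value -ne 0)
}

# Client side: the mrxsmb10 driver. Start = 4 means disabled; no key means not installed.
$clientStart   = (Get-ItemProperty -Path $mrxsmb10 -ErrorAction SilentlyContinue).Start
$clientEnabled = ($null -ne $clientStart) -and ($clientStart -ne 4)

Write-Output ("{0}: SMBv1 server enabled={1}, client enabled={2}" -f `
    $env:COMPUTERNAME, $serverEnabled, $clientEnabled)
if ($AuditOnly) { return }

if ($serverEnabled) {
    if ($hasSmbCmdlets) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        Set-ItemProperty -Path $lanmanServer -Name SMB1 -Type DWord -Value 0 -Force
        Write-Warning 'Restart required for the server-side change on this OS version.'
    }
}

if ($clientEnabled) {
    # Remove the SMBv1 driver from the workstation service dependencies, then disable it.
    # On Windows 8.1 / Server 2012 R2 and later, removing the SMB1Protocol optional
    # feature (Disable-WindowsOptionalFeature) is the alternative to these two commands.
    sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi | Out-Null
    sc.exe config mrxsmb10 start= disabled | Out-Null
    Write-Warning 'Restart required for the client-side change.'
}
```

Run it with `-AuditOnly` first to get a per-host status line for your report, then without the switch to apply the change.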