<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=314913&amp;fmt=gif">

The vultures come home to roost

Troy Whittaker
May 13, 2017

Well, it’s a very exciting day in IT. Or terrifying, depending on your perspective.

Just last week I hosted an educational event that posed the idea you could be fired for not accelerating your migration to Windows 10. That’s just not for no reason – you can’t survive in the new world of patch compliance if you aren’t using the current branch of everything (Windows, tools, applications).

For a little background, today we witnessed a large-scale global ransomware attack, known as Wcry (or WannaCry), targeting an (*ahem*) allegedly nation-state sourced exploit known as Eternalblue. Here are the broad strokes:

  • It is a self-propagating ransomware payload based on the Eternalblue exploit
  • The vulnerability is mitigated by MS17-010 released in March 2017
  • All supported (mainstream or extended) versions of Windows and Windows Server are affected

How this is going to get sysadmins fired is CIO’s finding out the vulnerability was patched in March. You know, like 2 months ago.

What did your April patch compliance report show for MS17-010?

Right now there are only two types of people in this world, let’s see what you should expect based on which one you are.

I’ve been infected. What can I do?

Near-term action:

  • Forget change control exists, and deploy MS17-010 immediately. Everywhere. To everything running Windows. Even remote computers. Even the CEO’s computer.
  • Disable SMBv1 at endpoints
  • Force update of endpoint protection definitions / engine everywhere
  • Take appropriate steps at your network perimeter
  • Restore or re-provision infected endpoints
  • Throw your Windows XP computers into the Sun, or a nearby gorge
  • Double-check your compliance reports and prepare for Monday’s super awesome status meeting

Long-term strategy:

  • Modernize your systems management toolsets
  • Migrate to Windows 10
  • Eat, sleep and implement Critical Security Controls
  • Shorten your patch compliance window to less than 30 days
  • Implement complementary vulnerability management solutions to verify your patch solution’s reported compliance

I don’t know I’ve been infected.

Near-term action:

  • Yes you have. Avoid the CSO, see advice above.

PS – There’s likely nobody that’s not going to be infected. In only a few hours, nearly 100 countries have been affected.

PSS – If you have 100% patch compliance and you can prove it I will buy you a Coke Pepsi.

Learn More About Our Windows Readiness Workshop

Windows 10 Readiness Workshop

We would love to talk to you about our Windows 10 Readiness Workshop and 5 tasks we will map out for you. Fill in the form below and we will reach out to you to discuss the workshop in further detail.

  1. External Pressure Map - Map out the external triggers that require faster adoption of Windows 10.
  2. Internal Reality Map - We map out your current Systems Management priorities, tools, processes, and people.
  3. Maturity Benchmark - Benchmark your current situation against maturity requirements for Windows 10.
  4. Paths Comparison Matrix - Based on what we learn about your Internal Reality and Maturity Benchmark, we map out the possible path forward and map out the pros and pitfalls for each path.
  5. Best Path Forward - Facilitate a decision on the best path forward for modernizing Systems Managed to get ready for Windows 10.


You May Also Like

These Stories on Microsoft

Subscribe by Email