On May 12, 2017 a new strain of ransomware impacted a large number of organizations globally.
- Additional known names:
On June 27,2017 a new strain of ransomware impacted multiple critical organizations globally.
- Additional known names:
Symantec ITMS 7.5.x, 7.6.x and 8.x
Attack propagates to other computers by exploiting a known SMBv1 remote code execution vulnerability in Microsoft Windows computers.
Please review the following Symantec Connect links and Microsoft for more information pertaining to the attacks detailed above:
Review the Windows Compliance Reports, or Import the attached wannacry Compliance.xml to the ITMS 8.x / 7.6 SMP Console > Reports > All Reports > Software > Patch Management folder highlight the main folder and right-click > Import the saved xml, and review the updates which would apply and cover this vulnerability
Otherwise, patching clients with current Monthly Cumulative Rollups from March 2017 through May 2017 will resolve this issue and cover the vulnerabilities.
- Note: MS17-010 was Partially-Superseded as it was released in March 2017 (this means it will not be listed in the canned Compliance Reports for Patch doesn't report on Superseded Software Updates as it lists the most recent updates to resolve vulnerabilities per Vendor specifications).
- The following list should cover the vulnerability for KB4019264; MS17-05-W10, MS17-05-2K8, MS17-05-MR81, MS17-05-MR8, and MS17-05-MR7 (or for Security Only deployment in MS17-05-SO#). Moreover, these Monthly Cumulative Rollups will be Superseded in June as detailed by the vendor on INFO3895.
- These individual Bulletin Names are detailed for each targeted OS in INFO4140.
- Note: Patch Management Solution 7.5 can manage patching all previous versions of Windows Operating Systems up to Windows 10 and 7.6+ is required for patching Windows 10 Clients.
Added support for Windows XP & Windows Server 2003 for this Software Update to be deployed in MS17-010 for it was not superseded for these two OS types:
- Provided in PMImport 7.2.30 now available for download on the Console > Home > Patch Management > Windows > Settings > MetaData Import Task:
- Click the 'New Schedule' and run NOW or review schedule for running at a later time.
Please subscribe to this article to receive an email notification as this document is updated.
NOTE pertaining to the attached WannaCry Compliance x.x.xml reports.
- The reports show compliance based on any update being installed that removes the Wannacry / Petya vulnerabilities.
- The drop down at the top lets you select the status to show for the computers. This makes it easy to get counts of computers needing a reboot, not installed and Protected(Meaning it has at least one of the bulletins installed that addresses the vulnerability).
Additionally, the Compliance by Bulletin (Wanna Cry) w/Reboot Status report is the similar Compliance By Bulletin but will also display the superseded bulletins like MS17-010 which remediate Wannacry / Petya attacks.
Save this XML for ITMS 8.x - then open the Console, highlight folder on Console-Reports-All Reports-Software-Patch Management, right-click-Import and direct to that saved XML
WannaCry Compliance 8.X.XML (24.9 KB)
Save this XML for ITMS 7.6 - then open the Console, highlight folder on Console-Reports-All Reports-Software-Patch Management, right-click-Import and direct to that saved XML
WannaCry Compliance 7.X.XML (24.9 KB)
Save the .zip file, extract it then run the SQL on the SQL server and import the .xml