Unless you've been living under a rock, you've heard of the WannaCry ransomware attack that has impacted servers around the world in the last few days. Hopefully you and your customers haven't been victims of this attack. WannaCry is a ransomware program that targets Microsoft Windows operating systems, which can be spread by phishing emails and by using the EternalBlue exploit and DoublePulsar backdoor to spread throughout a network. Microsoft released a security fix in March of 2017 to address the issue, but (apparently) not everyone has installed it. The security patch does require a restart of the server.
Here are some useful links that can help you understand the issue and protect your systems from this attack.
Cisco has released an official PSIRT notification for WannaCry. This is a generic notice for all Cisco products that don't support Windows auto updates.
There is a new article on TechZone that also contains similar links and information.
Both Cisco articles reference the original Microsoft security bulletin: MS17-010. This security update was provided 2 months before the WannaCry attack, so doesn't reference it explicitly. However, WannaCry exploits weakness in Microsoft Server Message Block 1.0 (SMBv1) server, and this security bulletin addresses that weakness.
CCBU is exploring the feasibility of disabling SMBv1 on our servers as a short term way to avoid WannaCry attacks without installing the security patch. No problems have been found in our initial testing. CCBU's recommendation is to apply the patch as soon as possible. As a long term strategy it is in your customers' best interest to regularly install Microsoft Security updates to avoid problems like WannaCry. As the old adage goes: an ounce of prevention is worth a pound of cure.
