
Ransomware Wanna Cry Affecting Windows Server Based UCCE Applications

dtran
Level 6

Hello everyone, hope everyone is well and thanks in advance for any inputs / suggestions to my questions !!!

I've got a UCCE 10.5 environment and I've been asked by my network security team to patch a few of my Windows based servers (Roggers, PGs, HDS ...) to resolve the "Ransomware" concerns.

 

Has anyone run into this issue and what was your fix/resolution ?

Thanks !!!

Danny

4 Replies

Omar Deen
Spotlight

Do the servers already have the ransomware on them? If they do... your best bet is to just re-build one side at a time. If you do this fast enough, you can get this all done within 24 hours at most. If there is no ransomware, then UCCE has nothing to do with this... consult with security.

Hello Omar, thanks for the response !!!
The servers aren't infected. I am looking into patching the servers to protect them from being infected.
This is what I need to patch: "MS17-010: Security Update for Microsoft Windows SMB Server", and I believe there are a couple of ways to patch:
1. Disable SMB v1 on the server
2. Install the patch
I am trying to figure out what patch to install or just disable SMB v1 and what are the side effects to UCCE.
Thanks !!!
Danny

The patch for that vulnerability has been out for several years. Also, depending on what version of Windows Server you're running, SMB v1 might be disabled by default. UCCE does not have an SMB v1 dependency, so if it's not already disabled, you can go ahead and disable it.
But your servers should be getting monthly patch management, and there should be hardware appliances on the edge of your network to help combat malignant threats. All you can really do for UCCE and its VOS applications is stay on top of Windows and VOS patching.

Leo Laohoo
Hall of Fame

@dtran wrote:

I've got a UCCE 10.5 environment and I've been asked by my network security team to patch a few of my Windows based servers 


Patching WannaCry(pt) is the least of your worries. There are a lot of vulnerabilities and exploits out in the wild. FW, IPS/IDS will do their job but servers need to be appropriately and adequately patched.