Wannacry Ransomware - MS17-010 is not detected by Languard

Versions / Builds Affected

All

Status

Resolved

Problem Summary

Wannacry Ransomware Attack - Patch MS17-010 - Is it installed and am I protected?

TT / JIRAID

GFIL-1844

How to Identify

It may be difficult to determine whether the patch is installed directly due to the way Microsoft provides Cumulative Updates. Please review the article How to check if a patch from a previous update has been installed through Cumulative Updates. https://na8.salesforce.com/knowledge/articlePrintableView.apexp?id=kA2C0000000UJcE MS17-010 is used specifically as an example for this issue. This article will help to determine if the patch is indeed installed through a superseded patch even if it is not showing the patch directly.

Workaround / Fix Details

If the server is not infected ,quickly install the update according to the OS list. https://technet.microsoft.com/en-us/library/security/ms17-010.aspx For older versions (XP/2003 Servers); https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/ We cover the patch for older systems released on 5/13/17 as of 05/17/17. These older systems should be able to detect and install the patch from the link above. Languard development has created a custom record as the patch was not released to WSUS. If Languard is not detecting the patch as needed on these earlier OS, then run a Program Update to make sure you have the latest auto-updates, then re-scan.

Required Actions

Give customer workaround from article: How to check if a patch from a previous update has been installed through Cumulative Updates https://na8.salesforce.com/knowledge/articlePrintableView.apexp?id=kA2C0000000UJcE