RE: Please run windows update now

[<timrutherford () c4 net>]

> >  <https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/> 
> > https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

> > Look near the bottom under Further Resources.

 

Those are the links appear to be patches for older versions of Windows.

 

The link that Josh sent initially is probably the most straight forward for currently supported versions.  

 

                https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

 

Scroll down below “Affected Software and Vulnerability Severity Ratings” and click on the link in the left column it 
will being you to the MS Update Catalog download page for the patch in question.

 

                

 

 

Keep in mind that since MS started doing monthly patch rollups instead of individual patches, they are listing a 
“rollup” KB# and “security only” KB# for each version of Windows.

 

For example, look at Windows 2012/2012R2 above – there are four different KB#s depending on the OS version and update 
method being used.  

 

KB4012217 : “monthly rollup” version for 2012 (gets delivered via windows update - contains this patch and several 
others)

KB4012214 : “security only” version for 2012 for this one patch 

 

KB4012216 : 2012R2 version of the rollup 

KB4012213 : 2012R2 version of the security only patch 

 

 

-----Original Message-----
From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Keith Stokes
Sent: Monday, May 15, 2017 11:49 AM
To: Keith Medcalf <kmedcalf () dessus com>
Cc: nanog () nanog org
Subject: Re: Please run windows update now

 

 <https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/> 
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

 

 

Look near the bottom under Further Resources.

 

 

On May 15, 2017, at 10:44 AM, Keith Medcalf < <mailto:kmedcalf () dessus com%3cmailto:kmedcalf () dessus com> kmedcalf 
() dessus com<mailto:kmedcalf () dessus com>> wrote:

 

 

I do not see any links to actually download the actual patches.  Just a bunch of text drivel.

 

 

--

˙uʍop-ǝpısdn sı ɹoʇıuoɯ ɹnoʎ 'sıɥʇ pɐǝɹ uɐɔ noʎ ɟı

 

-----Original Message-----

From: NANOG [ <mailto:nanog-bounces () nanog org> mailto:nanog-bounces () nanog org] On Behalf Of  
<mailto:timrutherford () c4 net%3cmailto:timrutherford () c4 net> timrutherford () c4 net<mailto:timrutherford () c4 
net>

Sent: Monday, 15 May, 2017 09:23

To: 'Josh Luthman'; 'Nathan Fink'

Cc:  <mailto:nanog () nanog org> nanog () nanog org

Subject: RE: Please run windows update now

 

I should clarify, the link in my email below is only for windows versions that are considered unsupported.

 

This one has links for the currently supported versions of windows

 

 <https://support.microsoft.com/en-us/help/4013389/title> https://support.microsoft.com/en-us/help/4013389/title

 

 

-----Original Message-----

From:  <mailto:timrutherford () c4 net> timrutherford () c4 net [ <mailto:timrutherford () c4 net> mailto:timrutherford 
() c4 net]

Sent: Monday, May 15, 2017 11:12 AM

To: 'Josh Luthman' < <mailto:josh () imaginenetworksllc com> josh () imaginenetworksllc com>; 'Nathan Fink'

< <mailto:nefink () gmail com> nefink () gmail com>

Cc: 'nanog () nanog org' < <mailto:nanog () nanog org> nanog () nanog org>

Subject: RE: Please run windows update now

 

They even released updates for XP & 2003

 

 <http://www.catalog.update.microsoft.com/search.aspx?q=4012598> 
http://www.catalog.update.microsoft.com/search.aspx?q=4012598

 

 

-----Original Message-----

From: NANOG [ <mailto:nanog-bounces () nanog org> mailto:nanog-bounces () nanog org] On Behalf Of Josh Luthman

Sent: Monday, May 15, 2017 10:45 AM

To: Nathan Fink < <mailto:nefink () gmail com> nefink () gmail com>

Cc:  <mailto:nanog () nanog org> nanog () nanog org

Subject: Re: Please run windows update now

 

Link?

 

I only posted it as reference to the vulnerability.

 

 

Josh Luthman

Office: 937-552-2340

Direct: 937-552-2343

1100 Wayne St

Suite 1337

Troy, OH 45373

 

On Sat, May 13, 2017 at 2:07 AM, Nathan Fink < <mailto:nefink () gmail com> nefink () gmail com> wrote:

 

I show MS17-010 as already superseded in SCCM

 

On Fri, May 12, 2017 at 1:44 PM, Josh Luthman <josh () imaginenetworksllc com

 

wrote:

 

MS17-010

 <https://technet.microsoft.com/en-us/library/security/ms17-010.aspx> 
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

 

 

Josh Luthman

Office: 937-552-2340

Direct: 937-552-2343

1100 Wayne St

Suite 1337

Troy, OH 45373

 

On Fri, May 12, 2017 at 2:35 PM, JoeSox < <mailto:joesox () gmail com> joesox () gmail com> wrote:

 

Thanks for the headsup but I would expect to see some references to the patches that need to be installed to block the 
vulnerability (Sorry for sounding like a jerk).

We all know to update systems ASAP.

 

--

Later, Joe

 

On Fri, May 12, 2017 at 10:35 AM, Ca By < <mailto:cb.list6 () gmail com> cb.list6 () gmail com> wrote:

 

This looks like a major worm that is going global

 

Please run windows update as soon as possible and spread the word

 

It may be worth also closing down ports 445 / 139 / 3389

 

 <http://www.npr.org/sections/thetwo-way/2017/05/12/> http://www.npr.org/sections/thetwo-way/2017/05/12/

528119808/large-cyber-attack-hits-englands-nhs-hospital-

system-ransoms-demanded

 

 

 

 

 

 

 

 

 

 

 

---

 

Keith Stokes