Cool Solutions

ZENworks Patch Management and the WannaCrypt ransomware attack

By: Darrin VandenBos

May 19, 2017 2:39 pm


As of a few days ago, the WannaCrypt ransomware attack (better known as WannaCry) that rocked Europe and Asia over the past weekend has been reported in 150 countries throughout the world and continues to hold at least 50,000 computers hostage. As the attack unfolded, Microsoft issued a guidance report advising Windows customers to make sure they have deployed Microsoft Security Bulletin MS17-010, the security update that addresses the vulnerability that WannaCrypt exploits. This security update was released in March.

Our patch coverage for Microsoft Security Bulletin MS17-010

The ZENworks Patch Management repository includes ALL of the patches that Microsoft released prior to the attack to fix the vulnerability AND ALL of the patches they’ve released since then. The newly released patches cover popular platforms that are in custom support only–Windows XP, Windows 8, and Windows Server 2003. Here is the entire list of patches that address this vulnerability:

  • Windows XP
    • MS17-010 Security Update for Windows XP SP2 x64 (KB4012598)
    • MS17-010 Security Update for Windows XP SP3 (KB4012598)
  • Windows Embedded Standard 2009 and Windows Embedded POSReady 2009
    • MS17-010 Security Update for WES09 and POSReady 2009 (KB4012598)
  • Windows Vista
    • MS17-010 Security Update for Windows Vista (KB4012598)
    • MS17-010 Security Update for Windows Vista x64 (KB4012598)
  • Windows 7
    • March, 2017 Security Monthly Quality Rollup for Windows 7 (KB4012215)
    • March, 2017 Security Monthly Quality Rollup for Windows 7 x64 (KB4012215)
    • March, 2017 Security Only Quality Update for Windows 7 (KB4012212)
    • March, 2017 Security Only Quality Update for Windows 7 x64 (KB4012212)
  • Windows Embedded Standard 7
    • March, 2017 Security Monthly Quality Rollup for Windows Embedded Standard 7 (KB4012215)
    • March, 2017 Security Monthly Quality Rollup for Windows Embedded Standard 7 x64 (KB4012215)
    • March, 2017 Security Only Quality Update for Windows Embedded Standard 7 (KB4012212)
    • March, 2017 Security Only Quality Update for Windows Embedded Standard 7 x64 (KB4012212)
  • Windows 8
    • MS17-010 Security Update for Windows 8 (KB4012598)
    • MS17-010 Security Update for Windows 8 x64 (KB4012598)
  • Windows 8.1
    • March, 2017 Security Monthly Quality Rollup for Windows 8.1 (KB4012216)
    • March, 2017 Security Monthly Quality Rollup for Windows 8.1 x64 (KB4012216)
    • March, 2017 Security Only Quality Update for Windows 8.1 (KB4012213)
    • March, 2017 Security Only Quality Update for Windows 8.1 x64 (KB4012213)
  • Windows 10
    • Cumulative Update for Windows 10 (KB4012606)
    • Cumulative Update for Windows 10 x64 (KB4012606)
    • Cumulative Update for Windows 10 Version 1511 (KB4013198)
    • Cumulative Update for Windows 10 Version 1511 x64 (KB4013198)
    • Cumulative Update for Windows 10 Version 1607 (KB4013429)
    • Cumulative Update for Windows 10 Version 1607 x64 (KB4013429)
  • Windows Server 2003
    • MS17-010 Security Update for Windows Server 2003 (KB4012598)
    • MS17-010 Security Update for Windows Server 2003 x64 (KB4012598)
  • Windows Server 2008/2008 R2
    • MS17-010 Security Update for Windows Server 2008 (KB4012598)
    • MS17-010 Security Update for Windows Server 2008 x64 (KB4012598)
    • March, 2017 Security Only Quality Update for Windows Server 2008 R2 x64 (KB4012212)
    • March, 2017 Security Monthly Quality Rollup for Windows Server 2008 R2 x64 (KB4012215)
  • Windows Server 2012/2012 R2
    • March, 2017 Security Only Quality Update for Windows Server 2012 (KB4012214)
    • March, 2017 Security Monthly Quality Rollup for Windows Server 2012 (KB4012217)
    • March, 2017 Security Only Quality Update for Windows Server 2012 R2 (KB4012213)
    • March, 2017 Security Monthly Quality Rollup for Windows Server 2012 R2 (KB4012216)
  • Windows Server 2016
    • Cumulative Update for Windows Server 2016 x64 (KB4013429)

Okay, so why can’t I find one of these patches in my ZENworks system?

Some ZENworks Patch Management customers have looked in their system and not been able to find Microsoft Security Bulletin MS17-010. There can be several reasons for this:

  • For some platforms (Windows 7, 8.1, 10, 2008 R2, 2012, 2012 R2, and 2016), Microsoft does not release patches individually. Instead, they release monthly updates. Microsoft Security Bulletin MS17-010 is included in these updates.
  • Some updates that were released in March have been superseded by updates released in April and May. This is true of all updates that are cumulative. You can tell which updates are cumulative because they have “Cumulative” or “Rollup” in their name. For example, “March, 2017 Security Monthly Quality Rollup for Windows 7 (KB4012215)” was superseded by the April 2017 Security Monthly Quality Rollup, which was in turn superseded by the May 2017 Security Monthly Quality Rollup. Superseded patches are automatically disabled and hidden in ZENworks Patch Management, which means that if you want to see them you need to filter your Patches list to include disabled patches.
  • You don’t have any Windows machines. You are a pure Linux or Mac company and don’t have to worry about Windows exploits. Lucky you!

Ensuring that your machines are patched

If you are still working on making sure that your machines are patched, here are some things you should consider:

  • For platforms that have an individual Microsoft Security Bulletin MS17-010 update, you can use ZENworks Control Center to search for the update in the Patches list (ZENworks Patch Management > Patches). Once you find the patch, the “Not Patched” count will show the devices that do not have the patch installed. Deploy the patch to those devices.
  • For platforms that DON’T have an individual Microsoft Security Bulletin MS17-010 update, you have the following options:
    • For platforms that have a March “Security Only Quality Update”, find the patch in the Patches list and deploy it to all devices listed in the “Not Patched” count. The “Security Only Quality Update” patches contain only that month’s security fixes and are never superseded because they are not cumulative. Therefore, the patch should not be disabled in your system.
      An alternative is to find the platform’s most recent “Security Monthly Quality Rollup” and deploy it to any devices that don’t have it because the rollup also includes the cumulative security fixes. However, the rollup can be much larger than the “Security Only Quality Update” and take longer to apply.
    • For Windows 10 and Windows Server 2016, ensure that the most recent “Cumulative Update” is installed. Deploy it to any machines on which it is not already applied.
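The same decision logic can be run outside ZENworks against an inventory export. This is an added example, not ZENworks code or part of the original post: it uses a subset of the KB numbers listed above, and the CSV layout, host names and the placeholder KB0000001 are constructed for illustration.

```python
import csv
import io

# KB numbers copied from the patch list on this page (subset of platforms).
# standalone = individual MS17-010 update or March "Security Only" update (not superseded)
# cumulative = March rollup / cumulative update (superseded by later months)
MS17_010 = {
    "Windows XP SP3":      {"standalone": {"KB4012598"}, "cumulative": set()},
    "Windows 7":           {"standalone": {"KB4012212"}, "cumulative": {"KB4012215"}},
    "Windows 8.1":         {"standalone": {"KB4012213"}, "cumulative": {"KB4012216"}},
    "Windows 10 1607":     {"standalone": set(),         "cumulative": {"KB4013429"}},
    "Windows Server 2012": {"standalone": {"KB4012214"}, "cumulative": {"KB4012217"}},
}

def classify(platform, installed):
    """Return 'patched', 'not-patched', 'review' or 'unknown-platform'."""
    entry = MS17_010.get(platform)
    if entry is None:
        return "unknown-platform"
    if installed & (entry["standalone"] | entry["cumulative"]):
        return "patched"
    if entry["cumulative"]:
        # A later rollup may have replaced the March one, so the March KB
        # being absent proves nothing; confirm the newest rollup is present.
        return "review"
    return "not-patched"

def audit(inventory_csv):
    """Map each host in a host,platform,kbs CSV to its classification."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        kbs = {kb.strip().upper() for kb in row["kbs"].split(";") if kb.strip()}
        results[row["host"]] = classify(row["platform"].strip(), kbs)
    return results

# Constructed sample inventory (hypothetical hosts; KB0000001 is a placeholder).
SAMPLE = """host,platform,kbs
pos-01,Windows XP SP3,
ws-114,Windows 7,KB4012212
ws-201,Windows 7,KB0000001
srv-07,Windows Server 2012,kb4012217
lap-33,Windows 10 1607,KB4013429;KB0000001
mac-02,macOS,
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host:8} {status}")
```

Hosts reported as "review" are on platforms with cumulative updates: check them against the most recent rollup or cumulative update rather than treating the missing March KB as proof they are unpatched.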

Protecting against future attacks

Ransomware has been around for a long time. But it, and other types of malware, are becoming increasingly sophisticated and damaging. Many, like WannaCrypt, exploit security holes that have already been addressed by the software vendor. The best way to protect yourself is to ensure that you are staying on top of released patches and installing them as soon as you can.

ZENworks Patch Management will do the work for you if you let it. We strongly recommend that you use Patch policies to ensure that newly released OS patches are automatically applied to devices in a timely manner. Here are some quick guidelines for using Patch policies to apply security patches:

  • Create a separate policy for each OS platform that applies all OS patches with a “Critical” impact. Since Security updates are always labeled “Critical”, your policy will always include them.
  • Policies must be recalculated and rebuilt to include newly released patches. Recalculate the policy and rebuild it on a schedule appropriate for the policy’s patches. For example, if a policy is for a platform that releases monthly updates, set the recalculate/rebuild to occur after the patch release date (for example, after the second Tuesday, or “Patch Tuesday” of the month for a policy that includes Microsoft patches). If it is for a platform that releases individual patches more frequently, set the recalculate/rebuild schedule appropriate to that release cadence.
  • Schedule the policy to enforce monthly for those platforms that release monthly updates. For platforms that still release individual updates, schedule the policy to enforce more often. Base the enforcement schedule off your recalculate/rebuild schedule for the policy.
  • Schedule a policy’s patches to be distributed to the device prior to the enforcement schedule. This is not absolutely necessary because they can be distributed at enforcement, but having the patches delivered beforehand can help ensure that patching gets done in the time frame you expect.

If you’d like to review more best practices for using Patch policies, or need help knowing how to use the various Patch policy features, see the ZENworks Patch Management Reference.

 


Disclaimer: This content is not supported by Micro Focus. It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test it thoroughly before using it in a production environment.

1 Comment

  1. By:CRAIGDWILSON

    Meant to Click 5 Stars Not 1…System will not let me Fix….
