[194623] in North American Network Operators' Group
RE: Please run windows update now
daemon@ATHENA.MIT.EDU (timrutherford@c4.net)
Mon May 15 14:24:18 2017
X-Original-To: nanog@nanog.org
From: <timrutherford@c4.net>
To: "'Keith Stokes'" <keiths@neilltech.com>,
"'Keith Medcalf'" <kmedcalf@dessus.com>
In-Reply-To: <FE2FF638-8533-435A-9450-4952D0A93782@neilltech.com>
Date: Mon, 15 May 2017 14:22:59 -0400
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
>> =
<https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-fo=
r-wannacrypt-attacks/> =
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for=
-wannacrypt-attacks/
>> Look near the bottom under Further Resources.
=20
Those are the links appear to be patches for older versions of Windows.
=20
The link that Josh sent initially is probably the most straight forward =
for currently supported versions. =20
=20
=
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
=20
Scroll down below =E2=80=9CAffected Software and Vulnerability Severity =
Ratings=E2=80=9D and click on the link in the left column it will being =
you to the MS Update Catalog download page for the patch in question.
=20
=20
=20
=20
Keep in mind that since MS started doing monthly patch rollups instead =
of individual patches, they are listing a =E2=80=9Crollup=E2=80=9D KB# =
and =E2=80=9Csecurity only=E2=80=9D KB# for each version of Windows.
=20
For example, look at Windows 2012/2012R2 above =E2=80=93 there are four =
different KB#s depending on the OS version and update method being used. =
=20
=20
KB4012217 : =E2=80=9Cmonthly rollup=E2=80=9D version for 2012 (gets =
delivered via windows update - contains this patch and several others)
KB4012214 : =E2=80=9Csecurity only=E2=80=9D version for 2012 for this =
one patch=20
=20
KB4012216 : 2012R2 version of the rollup=20
KB4012213 : 2012R2 version of the security only patch=20
=20
=20
-----Original Message-----
From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Keith Stokes
Sent: Monday, May 15, 2017 11:49 AM
To: Keith Medcalf <kmedcalf@dessus.com>
Cc: nanog@nanog.org
Subject: Re: Please run windows update now
=20
=
<https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-fo=
r-wannacrypt-attacks/> =
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for=
-wannacrypt-attacks/
=20
=20
Look near the bottom under Further Resources.
=20
=20
On May 15, 2017, at 10:44 AM, Keith Medcalf < =
<mailto:kmedcalf@dessus.com%3cmailto:kmedcalf@dessus.com> =
kmedcalf@dessus.com<mailto:kmedcalf@dessus.com>> wrote:
=20
=20
I do not see any links to actually download the actual patches. Just a =
bunch of text drivel.
=20
=20
--
=CB=99u=CA=8Dop-=C7=9Dp=C4=B1sdn s=C4=B1 =C9=B9o=CA=87=C4=B1uo=C9=AF =
=C9=B9no=CA=8E 's=C4=B1=C9=A5=CA=87 p=C9=90=C7=9D=C9=B9 u=C9=90=C9=94 =
no=CA=8E =C9=9F=C4=B1
=20
-----Original Message-----
From: NANOG [ <mailto:nanog-bounces@nanog.org> =
mailto:nanog-bounces@nanog.org] On Behalf Of =
<mailto:timrutherford@c4.net%3cmailto:timrutherford@c4.net> =
timrutherford@c4.net<mailto:timrutherford@c4.net>
Sent: Monday, 15 May, 2017 09:23
To: 'Josh Luthman'; 'Nathan Fink'
Cc: <mailto:nanog@nanog.org> nanog@nanog.org
Subject: RE: Please run windows update now
=20
I should clarify, the link in my email below is only for windows =
versions that are considered unsupported.
=20
This one has links for the currently supported versions of windows
=20
<https://support.microsoft.com/en-us/help/4013389/title> =
https://support.microsoft.com/en-us/help/4013389/title
=20
=20
-----Original Message-----
From: <mailto:timrutherford@c4.net> timrutherford@c4.net [ =
<mailto:timrutherford@c4.net> mailto:timrutherford@c4.net]
Sent: Monday, May 15, 2017 11:12 AM
To: 'Josh Luthman' < <mailto:josh@imaginenetworksllc.com> =
josh@imaginenetworksllc.com>; 'Nathan Fink'
< <mailto:nefink@gmail.com> nefink@gmail.com>
Cc: 'nanog@nanog.org' < <mailto:nanog@nanog.org> nanog@nanog.org>
Subject: RE: Please run windows update now
=20
They even released updates for XP & 2003
=20
<http://www.catalog.update.microsoft.com/search.aspx?q=3D4012598> =
http://www.catalog.update.microsoft.com/search.aspx?q=3D4012598
=20
=20
-----Original Message-----
From: NANOG [ <mailto:nanog-bounces@nanog.org> =
mailto:nanog-bounces@nanog.org] On Behalf Of Josh Luthman
Sent: Monday, May 15, 2017 10:45 AM
To: Nathan Fink < <mailto:nefink@gmail.com> nefink@gmail.com>
Cc: <mailto:nanog@nanog.org> nanog@nanog.org
Subject: Re: Please run windows update now
=20
Link?
=20
I only posted it as reference to the vulnerability.
=20
=20
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
=20
On Sat, May 13, 2017 at 2:07 AM, Nathan Fink < <mailto:nefink@gmail.com> =
nefink@gmail.com> wrote:
=20
I show MS17-010 as already superseded in SCCM
=20
On Fri, May 12, 2017 at 1:44 PM, Josh Luthman =
<josh@imaginenetworksllc.com
=20
wrote:
=20
MS17-010
<https://technet.microsoft.com/en-us/library/security/ms17-010.aspx> =
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
=20
=20
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373
=20
On Fri, May 12, 2017 at 2:35 PM, JoeSox < <mailto:joesox@gmail.com> =
joesox@gmail.com> wrote:
=20
Thanks for the headsup but I would expect to see some references to the =
patches that need to be installed to block the vulnerability (Sorry for =
sounding like a jerk).
We all know to update systems ASAP.
=20
--
Later, Joe
=20
On Fri, May 12, 2017 at 10:35 AM, Ca By < <mailto:cb.list6@gmail.com> =
cb.list6@gmail.com> wrote:
=20
This looks like a major worm that is going global
=20
Please run windows update as soon as possible and spread the word
=20
It may be worth also closing down ports 445 / 139 / 3389
=20
<http://www.npr.org/sections/thetwo-way/2017/05/12/> =
http://www.npr.org/sections/thetwo-way/2017/05/12/
528119808/large-cyber-attack-hits-englands-nhs-hospital-
system-ransoms-demanded
=20
=20
=20
=20
=20
=20
=20
=20
=20
=20
=20
---
=20
Keith Stokes
=20
=20
=20
=20
