[BESAdmin-Announcements] Use BigFix Patch Management to protect your devices from Petya ransomware

Announcements for BES Administrators besadmin-announcements at bigmail.bigfix.com
Tue Jul 4 01:44:13 PDT 2017 

Microsoft has released MS17-010 in March to address the vulnerabilities
(CVE-2017-0144 and CVE-2017-0145) that the Petya ransomware exploits to
spread across networks. Consequently, BigFix has previously released the
corresponding the Fixlets.
We encourage following Microsoft’s recommendations. If you have not done
so, apply MS17-010 to patch the vulnerability. Otherwise apply KB2696547 to
disable Microsoft Server Message Block 1.0 (SMBv1).

Note that some Fixlets related to the WannaCry vulnerability had their
supersedence reversed and might show as relevant. If you have applied these
Fixlets before, you do not have to apply them again.

To properly patch your device, apply the respective Fixlets for the
following operating systems.



I. Security Bulletin MS17-010


KB4012212 - Windows Server 2008 R2 SP1, Windows 7 SP1

    MS17-008, MS17-010, MS17-011, MS17-012, MS17-013, MS17-016, MS17-017,
MS17-018, MS17-019, MS17-021, MS17-022: Security Only Quality Update -
Security Only - Windows Server 2008 R2 SP1 - KB4012212 (x64) (ID: 1700631)
    MS17-008, MS17-010, MS17-011, MS17-012, MS17-013, MS17-016, MS17-017,
MS17-018, MS17-020, MS17-021, MS17-022: Security Only Quality Update -
Security Only - Windows 7 SP1 - KB4012212 (x64) (ID: 1700633)
    MS17-008, MS17-010, MS17-011, MS17-012, MS17-013, MS17-016, MS17-017,
MS17-018, MS17-020, MS17-021, MS17-022: Security Only Quality Update -
Security Only - Windows 7 SP1 - KB4012212 (ID: 1700635)



KB4012213 - Windows Server 2012 R2, Windows 8.1
    MS17-008, MS17-009, MS17-010, MS17-011, MS17-012, MS17-013, MS17-016,
MS17-017, MS17-018, MS17-019, MS17-021, MS17-022: Security Only Quality
Update - Security Only - Windows Server 2012 R2 - KB4012213 (x64) (ID:
1700637)
    MS17-008, MS17-009, MS17-010, MS17-011, MS17-012, MS17-013, MS17-016,
MS17-017, MS17-018, MS17-021, MS17-022: Security Only Quality Update -
Security Only - Windows 8.1 - KB4012213 (x64) (ID: 1700639)
    MS17-008, MS17-009, MS17-010, MS17-011, MS17-012, MS17-013, MS17-016,
MS17-017, MS17-018, MS17-021, MS17-022: Security Only Quality Update -
Security Only - Windows 8.1 - KB4012213 (ID: 1700641)




KB4012214 - Windows Server 2012
    MS17-008, MS17-009, MS17-010, MS17-011, MS17-012, MS17-013, MS17-016,
MS17-017, MS17-018, MS17-019, MS17-021, MS17-022: Security Only Quality
Update - Security Only - Windows Server 2012 - KB4012214 (x64) (ID:
1700643)




KB4012598 - Windows Vista SP2, Windows Server 2008 SP2, Windows 8, Windows
Server 2003 SP2
    MS17-010: Security Update for Microsoft Windows SMB Server - Windows
Vista SP2 - KB4012598 (x64) (ID: 1701001)
    MS17-010: Security Update for Microsoft Windows SMB Server - Windows
Server 2008 SP2 - KB4012598 (x64) (ID: 1701003)
    MS17-010: Security Update for Microsoft Windows SMB Server - Windows
Server 2008 SP2 - KB4012598 (ID: 1701005)
    MS17-010: Security Update for Microsoft Windows SMB Server - Windows
Vista SP2 - KB4012598 (ID: 1701007)
    MS17-010: Security Update for Windows SMB Server - Windows 8 -
KB4012598 (ID: 1701009)
    MS17-010: Security Update for Windows SMB Server - Windows 8 -
KB4012598 (x64) (ID: 1701011)
    MS17-010: Security update for Windows SMB Server - Windows Server 2003
SP2 - KB4012598 (x64) (ID: 1701013)
    MS17-010: Security update for Windows SMB Server - Windows Server 2003
SP2 - KB4012598 (ID: 1701015)
    MS17-010: Security update for Windows SMB Server - Windows XP SP2 -
KB4012598 (x64) (ID: 1701017)
    MS17-010: Security update for Windows SMB Server - Windows XP SP3 -
KB4012598 (ID: 1701019)




KB4012606 - Windows 10
    MS17-006, MS17-007, MS17-009, MS17-010, MS17-011, MS17-012, MS17-013,
MS17-016, MS17-017, MS17-018, MS17-021, MS17-022: Cumulative Security
Update for Windows 10 - Windows 10 - KB4012606 (ID: 401260601)
    MS17-006, MS17-007, MS17-008, MS17-009, MS17-010, MS17-011, MS17-012,
MS17-013, MS17-016, MS17-017, MS17-018, MS17-021, MS17-022: Cumulative
Security Update for Windows 10 - Windows 10 - KB4012606 (x64) (ID:
401260603)




KB4013198 – Windows 10
    MS17-006, MS17-007, MS17-008, MS17-009, MS17-010, MS17-011, MS17-012,
MS17-013, MS17-016, MS17-017, MS17-018, MS17-021, MS17-022: Cumulative
Security Update for Windows 10 - Windows 10 Version 1511 - KB4013198 (x64)
(ID: 401319801)
    MS17-006, MS17-007, MS17-008, MS17-009, MS17-010, MS17-011, MS17-012,
MS17-013, MS17-016, MS17-017, MS17-018, MS17-021, MS17-022: Cumulative
Security Update for Windows 10 - Windows 10 Version 1511 - KB4013198 (ID:
401319803)
    MS17-006, MS17-007, MS17-008, MS17-009, MS17-010, MS17-011, MS17-012,
MS17-013, MS17-016, MS17-017, MS17-018, MS17-021, MS17-022: Cumulative
Security Update for Windows 10 - Windows 10 Version 1607 - KB4013429 (ID:
401342907)



KB4013429 - Windows Server 2016, Windows 10
    MS17-006, MS17-007, MS17-008, MS17-009, MS17-010, MS17-011, MS17-012,
MS17-013, MS17-016, MS17-017, MS17-018, MS17-021, MS17-022: Cumulative
Security Update for Windows Server 2016 - Windows Server 2016 - KB4013429
(x64) (ID: 401342909)
    MS17-006, MS17-007, MS17-008, MS17-009, MS17-010, MS17-011, MS17-012,
MS17-013, MS17-016, MS17-017, MS17-018, MS17-021, MS17-022: Cumulative
Security Update for Windows 10 - Windows 10 Version 1607 - KB4013429 (x64)
(ID: 401342911)






II. KB2696547 - Windows 7, Windows 8, Windows 8.1, Windows 10, Windows
Vista, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012,
Windows Server 2012 R2, Windows Server 2016

    2696547: Disable SMBv1 in Windows and Windows Server - Disable
Workaround (Disable SMB v1) - Windows 7 / Windows 8 / Windows Vista /
Windows Server 2008 / Windows Server 2008 R2 / Windows Server 2012 -
KB2696547 (ID: 269654703)
    2696547: Disable SMBv1 in Windows and Windows Server - Disable
Workaround (Remove SMB v1 completely) - Windows 8.1 / Windows 10 / Windows
Server 2012 R2 / Windows Server 2016 - KB2696547 (ID: 269654707)
    2696547: Disable SMBv1 in Windows and Windows Server - Enable
Workaround (Disable SMB v1) - Windows 7 / Windows 8 / Windows Vista /
Windows Server 2008 / Windows Server 2008 R2 / Windows Server 2012 -
KB2696547 (ID: 269654701)
    2696547: Disable SMBv1 in Windows and Windows Server - Enable
Workaround (Remove SMB v1 completely) - Windows 8.1 / Windows 10 / Windows
Server 2012 R2 / Windows Server 2016 - KB2696547 (ID: 269654705)



FAQ
Q: How do I determine if my device has been patched?
A: If your device normally receives patch from BigFix and is not relevant
to the respective Fixlets listed above, your device has been patched.

Q: I suspect that my device might be missing this update. How do I verify
this?
A: You can download the Microsoft Baseline Security Analyzer (MBSA) and run
a scan on the target device to generate the MBSA report. If the report does
not list the respective KB as missing, the device has been patched.
There is a known issue that the report might contain a bulletin number that
is different from MS17-010. Use the patch's KB number as reference to
assess the report.

Q: I ran a scan to check for missing updates. The MBSA report advised that
my device has been patched but the Security Only patch is installable when
manually executed. Is this normal?
A: This is a known issue. Even when a monthly rollup is installed,
security-only patch can be manually installed. This is attributed to
Microsoft's patch relevance algorithm. BigFix has built additional logic to
work around such issues. We ensure that in cases where monthly rollup is
installed, security-only patch are marked as not required or not relevant.



References:
   For Microsoft’s update post on the Petya malware attack, see
   http://bit.ly/2u0HThN.
   For Microsoft’s wiki entry of the Petya malware, see
   http://bit.ly/2u1jwAq.
   For details about Microsoft Security Bulletin MS17-010, see
   http://bit.ly/2qmU20t.
   For the post on using BigFix Patch to protect devices from the WannaCry
   ransomware, see https://ibm.co/2s4Jem8.
   For more information about the patches that Microsoft released for
   older, unsupported platforms, see http://bit.ly/2raS5BZ.
   For more information about the differences between Security Only and
   Monthly Rollup updates, see http://bit.ly/2bmEun0.
   To download the Microsoft Baseline Security Analyzer (MBSA), see
   http://bit.ly/1IJ6bkg.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://bigmail.bigfix.com/pipermail/besadmin-announcements/attachments/20170704/e3c5babe/attachment.html>

More information about the Besadmin-announcements mailing list