[Joey]

Links are at the bottom of this notice. https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

[zephyr]

Joey, I read the MS document you posted. I see no mention of Windows 7. But I am assuming if people have been installing all my Security Updates as they are offered, then they should be covered. Correct? It's just a bit odd that they mention Windows 8 and 10, but not 7. Thanks, ~z

[Joey]

Google: wannacry windows 7 patch led to: https://answers.microsoft.com/en-us/windows/forum/windows_7-security/wanna-cry/22e47764-1e46-4576-beaa-6270850b9fda

[zephyr]

Thanks, Joey. Their blog article says: We recommend customers that have not yet installed the security update MS17-010 The MS article has a link to install that update. Do you have any idea if it would be an issue to try to install something that you may already have on the system? This would be in the situation where one couldn't tell if MS17-010 was added during an update process and it doesn't appear to show in the Update History. Thanks, ~z

[Joey]

Don't know. One option would be to do a complete backup and then install the patch and see what happens.

[zephyr]

Thanks for replying. I may be alright. I do have this installed in March: KB3127945. It's a Security Update for MS Office. Unfortunately this is just a little too complex to understand in this manner. I never click on blind links that occasionally come my way. It's just puzzling that I can't see the Security Patch listed in my list of Updates since I have been accepting them all along. I suppose I could haul my computer into the shop and have someone look it over to be sure. Meanwhile I will do a more current back up. ~z Note: I have called a friend about this. I did a check for updates on my computer and it said that there were no new updates. I got a green light. So we (two other friends) are thinking that I must have received the patch. Just that for some reason it is not listed in the updates. One suggested that it was "rolled up" into one of the other updates.

[zephyr]

This just in: British man, 22, thwarted global cyberattack disaster with $11 (link to a Daily News article.) Quote: Shutting down the global cyberattack that infected nearly 100 nations came down to a twenty-something British computer geek vacationing at home. The security researcher says he shut down the fast-spreading ransomware program by purchasing a domain name for $10.69 — and accidentally activating its kill switch. In a lengthy Saturday web posting, the 22-year-old explained how he received a sample of the malware from a friend and “instantly noticed it queried an unregistered domain.” The long, strange domain name ended with gwea.com, and he immediately paid to register the site. ... Once he went live on the site, the “Wanna Cry” malware program, augmented by leaked U.S. National Security Administration technology, began to shut down — not that he was immediately aware. “Humorously at this point we had unknowingly killed the malware,” he wrote. But he was soon “jumping around with ... excitement” as it became clear this site contained the program’s kill switch. Not yet sure if this is true or not. Still checking. Meanwhile here is a link to his Twitter feed. Some of you might find it interesting. ~z

[zephyr]

Okay, here's the article in The Guardian with a warning. ~z Quote: He also said he planned to hold onto the URL, and he and colleagues were collecting the IPs and sending them off to law enforcement agencies so they can notify the infected victims, not all of whom are aware that they have been affected. He warned people to patch their systems, adding: “This is not over. The attackers will realise how we stopped it, they’ll change the code and then they’ll start again. Enable windows update, update and then reboot.” He said he got his first job out of school without any real qualifications, having skipped university to start up a tech blog and write software. “It’s always been a hobby to me, I’m self-taught. I ended up getting a job out of my first botnet tracker, which the company I now work for saw and contacted me about, asking if I wanted a job. I’ve been working there a year and two months now.”

[zephyr]

Additional notes from The Guardian article. ~z Quote: The time that @malwaretechblog registered the domain was too late to help Europe and Asia, where many organisations were affected. But it gave people in the US more time to develop immunity to the attack by patching their systems before they were infected, said Kalember. ... The kill switch won’t help anyone whose computer is already infected with the ransomware, and it’s possible that there are other variants of the malware with different kill switches that will continue to spread. ..

[Ski]

Well, that was fun..... When Microsoft was trying to jam Windows 10 down my throat with pop-up boxes popping up on my screen every few minutes, I finally managed to figure out how to put a stop to it by turning off all Windows updates, which (at that time) was apparently the only way to prevent Microsoft from installing Windows 10 on this machine. So when I read about this new bug on the web, and then saw the link above in the OP, I figured I'd go ahead and install all the "updates" and somewhere among them would most likely be the patch for this thing. Two and a half hours later, the computer went into a "boot loop" and not only would not install any of the update files, it wouldn't load the operating system. Finally, re-booting into "safe mode", I was able to run a "system restore" and at least get the machine running. I am assuming there's no way now to download or install a patch for this latest bug, correct? THANKS MICROSOFT!

[zephyr]

[Ski]

This machine runs Windows 8.1 Not sure if I did that "Never 10" deal or not - been over a year since that deal. As I recall, I ended up just toggling the "Windows update" OFF. So.... what it tried to do this morning was download and install 77 update packages, and then when it restarted gave me the error message and went into what was referred to as a "boot loop" according to some "troubleshoot" website my girlfriend found on her smart phone. Got the issue remedied by running a "restore", but I would guess that I am still lacking whatever "patch" is necessary to prevent acquiring the virus that is the subject of this thread. Just heard on the news that it attacked the Brazilian Social Security network. This thing is raising hell all over the planet. It may sound a bit rash, but I think if and when they catch the knuckleheads doing stuff like this they should just be summarily executed on the spot. Maybe that would provide a bit of disincentive.

[moonspots]

[Randito]

Running Win10 here -- and I let MSFT automatically download and install updates, so my PC reboots during the "wee hours" on Wednesdays with some frequency (MSFT usually releases updates on Tuesdays) No problems with ransomware or other attacks.

[zephyr]