NO! That Windows Update Will Not Save You From WannaCry!

Wannacry has hit hundreds of thousands of victims in at least 150 countries. It was possible because Wannacry has the ability to spread in the network without human intervention. It’s a ransomware with capability of a worm. we watched devastating ramifications of WannaCry. you can track payments from victims of WannaCry here.

The malware utilizes the EternalBlue exploit, leaked from the Shadow Brokers NSA cache earlier this year. The exploit leverages a now-patched security vulnerability in the Windows Server Message Block (SMB) protocol, scanning 445 file sharing ports from Windows endpoints for access to the Internet and enabling the download and execution of ransomware and other malicious programs.

Microsoft released a windows update “Security Update for Microsoft Windows SMB Server (4013389)” to resolve this issue on 14 March 2017.

If infected, the WannaCrypt scans the entire internal network and spread like a worm into all unpatched Windows computers with the help of SMB vulnerability. Wannacry creators used this vulnerability to empower Wannacry. This vulnerability was responsible for ‘spreading’ of Wannacry in the network without human intervention. MS17-010 SMB windows update will not prevent WannaCry from executing. It will only stop spreading of Wannacry in your network.

 

This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server.

If you have set ‘automatic updates’ to ‘off’ for windows updates, you can patch this vulnerability by installing a critical windows update released by Microsoft.

https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

“The exploit code used by WannaCrypt was designed to work only against unpatched Windows 7 and Windows Server 2008 (or earlier OS) systems, so Windows 10 PCs are not affected by this attack,” Microsoft says.

Here’s the proof of Concept in which I executed WannaCry after successfully installing windows update (KB4012212 ) for Windows 7 – 32 bit.

 

As we can see, WannaCry can be executed successfully even after patching MS17-010 SMB vulnerability.

Here are the things you can do in order to prevent Wannacry.

About Ashutosh Barot

Ashutosh Barot is a Security Researcher, Tech Enthusiast, Pursuing M.Tech in Cyber Security and Incident Response at Gujarat Forensic Sciences University, Gujarat. He has been acknowledged by various organizations such as Twitter, Symantec Corporation, J.P.Morgan, Trend Micro, Verizon Enterprise, Go Airlines, Codecademy etc. for finding out security flaws in their websites.

Ashutosh Barot

Ashutosh Barot is a Security Researcher, Tech Enthusiast, Pursuing M.Tech in Cyber Security and Incident Response at Gujarat Forensic Sciences University, Gujarat. He has been acknowledged by various organizations such as Twitter, Symantec Corporation, J.P.Morgan, Trend Micro, Verizon Enterprise, Go Airlines, Codecademy etc. for finding out security flaws in their websites.