Thursday, May 18, 2017

A Message from Hal Bookbinder - Former IAJGS President

The WannaCry ransomware has been all over the news as it has infected hundreds of thousands of computers worldwide, impacting major institutions as well as individuals. While all of the information below is available online, I have not found it written in nontechnical terms in a single place. Hope you find this helpful. Feel free to share with your membership. Additionally, please let them know that my series of monthly Practicing Safe Computing articles, which are published in Venturing into our Past, the newsletter of the JGSCV, is available in a single, indexed PDF at http://preview.tinyurl.com/kauzaat. A new article is added to this ever-growing free resource by the first of each month.

What is the issue?
* The WannaCry (or WannaCrypt) ransomware exploits a vulnerability in all versions of the Windows Operating System (OS).
* Microsoft issued the following to explain this exploit, http://tinyurl.com/me8rx8g.
* The above bulletin contains a link to Microsoft Security Bulletin MS17-010, which includes the security patch to fix this vulnerability.

Do I need to worry?
* If your computer is running a supported version of the Windows OS (7, 8.1 or 10) AND is set to automatically accept security patches from Microsoft, you should be protected.
* If you are running Windows 10, automatic updates are turned on and cannot be turned off by the home user, so you should be protected.
* If you are running a supported version but it is not set to automatically accept security patches, you are at risk.
* If you are running a non-supported version of the Windows OS (8.0, XP or earlier), you are at risk.

What if I do not know which version of Windows I am running?
* A quick facility to check what Windows OS you are running is http://tinyurl.com/zmk89k4 (this is not a Microsoft site). It will display your OS at the top of the page and give you instructions if you want more details.
* Alternatively, you can find instructions at http://tinyurl.com/hd645o6. Though not quite as convenient, and only covering supported versions, this is a Microsoft site.

What if I am running Windows 7 or 8.1 and do not know if automatic updating is turned on?
* For instructions, see the following Microsoft publication, http://tinyurl.com/z6t342p. Go down to the portion entitled "Turn on and use Automatic Updates".
* If you find that you do not have automatic updating turned on, you are strongly advised to turn it on.

What do I do if I am at risk?
* The Microsoft bulletin cited in the first section, http://tinyurl.com/me8rx8g, contains links to download the MS17-010 patch.
* In a highly unusual move, Microsoft has issued security patches for several unsupported Windows versions, including XP and 8.0, which are otherwise not supported with any fixes. Microsoft also offers a patch for Windows Server 2003. However, this is primarily a business installation and it is highly unlikely you have it on your home computer. Links to these downloads are at the bottom of the bulletin.
* If you are running an earlier version of Windows, no fix is available from Microsoft.
* If you are on an unsupported version of Windows, it is highly recommended that you upgrade.

Note: Since I am running on Windows 10 and Windows 8.1 at home and on Windows 7 in the office, and all have automatic patching turned on, I have not actually exercised the manual download. However, as it is directly from Microsoft, I see no reason why it would not function properly.

Hope you find this helpful.

All the best and see you in Orlando!
Hal Bookbinder