A Message from Hal Bookbinder - Former IAJGS President
The WannaCry ransomware has been all over the news as it has infected hundreds of thousands of computers worldwide, impacting major institutions as well as individuals. While all of the information below is available online, I have not found it written in nontechnical terms in a single place. Hope you find this helpful. Feel free to share with your membership. Additionally, please let them know that my series of monthly Practicing Safe Computing articles, which are published in Venturing into our Past, the newsletter of the JGSCV, is available in a single, indexed PDF at http://preview.tinyurl.com/kauzaat. A new article is added to this ever-growing free resource by the first of each month.
What is the issue?
* The WannaCry (or WannaCrypt) ransomware exploits a vulnerability in all versions of the Windows Operating System (OS).
* Microsoft issued the following to explain this exploit, http://tinyurl.com/me8rx8g.
* The above bulletin contains a link to Microsoft Security Bulletin MS17-010, which includes the security patch to fix this vulnerability.
Do I need to worry?
* If your computer is running a supported version of the Windows OS (7, 8.1 or 10) AND is set to automatically accept security patches from Microsoft, you should be protected.
* If you are running Windows 10, automatic updates are turned on and cannot be turned off by the home user, so you should be protected.
* If you are running a supported version but it is not set to automatically accept security patches, you are at risk.
* If you are running a non-supported version Windows OS (8.0, XP or earlier), you are at risk.
What if I do not know which version of Windows I am running?
* A quick facility to check what Windows OS you are running is http://tinyurl.com/zmk89k4 (this is not a Microsoft site). It will display your OS at the top of the page and give you instructions if you want more details.
* Alternatively, you can find instructions at http://tinyurl.com/hd645o6. Though not quite as convenient, and only covering supported versions, this is a Microsoft site.
What if I am running Windows 7 or 8.1 and do not know if automatic updating is turned on?
* For instructions, see the following Microsoft publication, http://tinyurl.com/z6t342p. Go down to the portion entitled "Turn on and use Automatic Updates".
* If you find that you do not have automatic updating turned on, you are strongly advised to turn it on.
What do I do if I am at risk?
* The Microsoft bulletin cited in the first section, http://tinyurl.com/me8rx8g, contains links to download the MS17-010 patch
* In a highly unusual move, Microsoft has issued security patches for several unsupported Windows versions, including XP and 8.0, which are otherwise not supported with any fixes. Microsoft also offers a patch for Windows Server 2003. However, this is primarily a business installation and it is highly unlikely you have it on your home computer. Links to these downloads are at the bottom of the bulletin.
* If you are running an earlier version of Windows, no fix is available from Microsoft.
* If you are on an unsupported version of Windows, it is highly recommended that you upgrade.
Note: Since I am running on Windows 10 and Windows 8.1 at home and on Windows 7 in the office and all have automatic patching turned on I have not actually exercised the manual download. However, as it is directly from Microsoft I see no reason why it would not function properly.
Hope you find this helpful.
All the best and see you in Orlando!