MS17-010 Patch

Microsoft responds to WannaCry ransomware with an MS17-010 patch for legacy systems as new ransomware variants spread to more countries around the globe.



Infection path of the WannaCry ransomware worm.

Other WannaCry ransomware mitigations

Patching systems against the SMBv1 vulnerability is not the only way to mitigate the threat of WannaCry, and security researchers have been doing their part to stop the infections. U.K. researcher MalwareTech analyzed the ransomware and found the command and control (C&C) domain was hardcoded in the malware, and took the standard approach of registering the domain. Doing so broke the C&C connection, acting like a "kill-switch" for the WannaCry ransomware.

Matt Suiche, Microsoft MVP and founder of Comae Technologies, a cybersecurity company based in the United Arab Emirates, found a WannaCry ransomware variant using a different domain that he was able to register in order to slow the infection.


Since registering the 2nd killswitch yesterday, we stopped ~10K machines from spreading further - mainly from Russia. #WannaCry #OKLM pic.twitter.com/eQziRoq8UN

— Matthieu Suiche (@msuiche) May 15, 2017

However, Suiche noted that registering a domain as a kill switch is only a temporary measure, as the actors behind the ransomware could change the domain name, and there are also variants of the WannaCry malware surfacing that don't have hardcoded C&C domains.

Experts also suggested following the advice of US-CERT from January and disabling SMBv1 when possible to stop the WannaCry ransomware spread, as well as blocking port 445.
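To confirm that a host you administer no longer accepts SMBv1 after that change, the following sketch offers only the SMBv1 dialect on port 445 and classifies the answer. It is an added example, not code from the article or from US-CERT; the function names and result labels are assumptions, the sample replies are constructed, and it assumes a server with SMBv1 disabled closes or resets the connection.

```python
import socket
import struct

DIALECT = b"\x02NT LM 0.12\x00"  # the only dialect offered, so only SMBv1 can answer

def smb1_header() -> bytes:
    """32-byte SMB1 header for SMB_COM_NEGOTIATE (0x72); status and IDs zeroed."""
    return (b"\xffSMB" + b"\x72" + b"\x00" * 4 + b"\x18"
            + struct.pack("<H", 0xC801) + b"\x00" * 20)

def build_negotiate() -> bytes:
    body = b"\x00" + struct.pack("<H", len(DIALECT)) + DIALECT  # WordCount=0, ByteCount
    msg = smb1_header() + body
    return struct.pack(">I", len(msg)) + msg  # 4-byte NetBIOS session prefix

def classify(reply: bytes) -> str:
    """Interpret the raw reply (session prefix included) to the SMBv1-only offer."""
    msg = reply[4:]
    if not msg:
        return "smb1-refused"  # connection closed without an answer
    if len(msg) < 35 or msg[:4] != b"\xffSMB" or msg[4] != 0x72:
        return "unknown"
    status = struct.unpack_from("<I", msg, 5)[0]
    dialect_index = struct.unpack_from("<H", msg, 33)[0]
    if status == 0 and msg[32] > 0 and dialect_index != 0xFFFF:
        return "smb1-enabled"  # server selected the SMBv1 dialect
    return "smb1-refused"

def probe(host: str, port: int = 445, timeout: float = 3.0) -> str:
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_negotiate())
            return classify(s.recv(4096))
    except ConnectionResetError:
        return "smb1-refused"
    except OSError:
        return "unreachable"  # port 445 blocked, closed, or no reply in time

def sample_reply(dialect_index: int) -> bytes:
    """Constructed server reply for offline use: header + WordCount=1 + index."""
    msg = smb1_header() + b"\x01" + struct.pack("<H", dialect_index) + b"\x00\x00"
    return struct.pack(">I", len(msg)) + msg

if __name__ == "__main__":
    print(classify(sample_reply(0)), classify(sample_reply(0xFFFF)), classify(b""))
```

A result of `unreachable` means the port 445 block is in effect from where the check runs; `smb1-enabled` means the host still needs SMBv1 turned off.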

Brian Vecci, technical evangelist at Varonis, a data security software company based in New York, said "if there is a patch available, you should patch it."

"System exploits will always be an issue and admins need to defend in depth -- patching is one defense, but not the only one," Vecci told channeljc.com. "Disabling SMBv1 and blocking relevant ports are a tactical defense to this attack. Basic security procedures like patching and turning off legacy protocols would have gone a long way in preventing the damage from this attack."

Duncan McAlynn, principal engineer and security evangelist at Ivanti, an IT automation and integration company based in Salt Lake City, said disabling SMBv1 would be the "most obvious approach."

"However, it goes well beyond just a registry modification. Organizations that are serious about infosec will also have other measures in place to help thwart such malicious attacks," McAlynn told channeljc.com. "This type of defense-in-depth approach will include solutions such as application whitelisting, device control, next generation firewalls and post-breach threat detection."

Dana Simberkoff, chief compliance and risk officer at AvePoint, a cloud security company based in Jersey City, N.J., said the best security measure against attacks like the WannaCry ransomware may be "continuous and ongoing education of employees."

"This education cannot be a once a year training course, but rather it must be pervasive throughout the culture of your organization. Because in the absence of security education or experience, people naturally make poor security decisions with technology," Simberkoff told channeljc.com. "This means that systems need to be easy to use securely and difficult to use insecurely. Your security and data protection education program should include information about the importance of patching your operating systems and the direct tie of unpatched systems to vulnerabilities."
