Tyrone Phillips asked:

WannaCry MS Patch for SBS2011

Does anyone know where I can find the MS Patch for SBS2011 to patch against WannaCry Ransomware?

I know SBS2011 is based on Server 2008R2, tried those but it tells me it's not for this system

Many Thanks
Scott C

Have you run the automatic updates? It should get installed automatically.
Tyrone Phillips (ASKER)

Automatic updates keep failing, then I have to restart in safe mode, and then regular mode again to revert. I think it's an SBS2011 problem, don't have this with any 2012 servers
btan

There is no official one for 2011. Instead suggest you disable SMB.
For client operating systems:

1. Open Control Panel, click Programs, and then click Turn Windows features on or off.
2. In the Windows Features window, clear the SMB1.0/CIFS File Sharing Support checkbox, and then click OK to close the window.
3. Restart the system.

For server operating systems:

1. Open Server Manager and then click the Manage menu and select Remove Roles and Features.
2. In the Features window, clear the SMB1.0/CIFS File Sharing Support check box, and then click OK to close the window.
3. Restart the system.

All you really can do is disable SMBv1. Hopefully that doesn't break anything. Your only other alternative might be to utilize HIPS on that server. However, you would ideally have a roadmap to replace the server.
Thanks again all, but in Features on the SBS2011 server, there is no listing for SMBv1 anywhere in the list of features
https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012

I highly recommend you test properly, because you do want to be sure nothing breaks. Like things you do with a network printer or scanner (especially if it sends documents to file shares).
fwiw, I saw Adam post this earlier.
https://www.experts-exchange.com/posts/780/While-we're-all-running-around-getting-things-patched-and.html#comments
While we're all running around getting things patched and making sure our clients know how to keep from getting ransomware, let's also take a minute to disable SMBv1 as well. Patching will help this time, but you *know* someone is going to try to find another huge hole in SMBv1 to exploit. No Windows OS after Windows XP uses SMBv1, but MS had to include it in their newer OSes for compatibility. All the OSes that only use SMBv1 have been EOL for years. Let's just get future SMBv1 exploits off the table now, shall we?

https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/
I agree, however, nobody seems to have a solution to disable SMBv1 on SBS2011. I have an open question on this, but no solution yet.

All the regular posts show methods for Server 2012 and a registry entry for Server 2008 (supposed to be what SBS2011 was based on), however, the Server 2012 PowerShell commands don't work and the registry entry for Server 2008 doesn't exist in the SBS2011 registry.

Please help!!!!
Use Comodo to protect your server. I normally do not recommend antivirus running on servers but in today's ransom age I have to change that thought until we find a better alternative. But Comodo has a video showing how it was able to defeat the current wannacry business going on.

While you're at it, patch all systems
If your server will not update you have more problems than this patch.  Realize the patch is just to slow down the spreading, it does nothing to mitigate the effects.  If run from a station it will still encrypt your shares.

What exactly is the issue with Updates on that server and how are they being done?  SBS is meant to be updated via WSUS and if it is then Windows update will look there.  Have you checked to see if WSUS (if in use) is started and is syncing?
I am not in favor to delete away, though the straight answer is that there is no patch for 2011 server build from Windows release. Even the disable of SMB through registry is not tested to verify its invalidity. But to note the registry may very well be the same entries. Blocking of SMB port is another layer to reduce exposure from the whole spirit to mitigate the Wcry threat.

Personal view on this is that we should broaden the way to approach in guidance when there is no point blank recommendation. Deleting qns is a means to the end but better to have author decide the assessment. May very well still delete if consensus from author is the same.
We hope to hear from the author input to close the qns.
Nice.  It looks like you were able to help them, btan. =)
Thanks kyle. Hope so too.
It's the same patch you would use for Server 2008 R2. The most likely reason you get this error is you require Service Pack 1 installed for the patch to install
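
Added example, not part of any post in this thread: a PowerShell 2.0-compatible check for the two points raised above, the Service Pack level and the SMBv1 server registry value described in the linked Microsoft KB 2696547. Per that KB the `SMB1` value under `LanmanServer\Parameters` is not created by default, and its absence means SMBv1 is enabled. The function names are hypothetical.

```powershell
# Added example; function names are hypothetical, not from the thread or from Microsoft.
# Written for PowerShell 2.0 (Server 2008 R2-based systems). Run from an elevated prompt.
$ParamsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1ServerState {
    # RegistryKey.GetValue returns $null when the value does not exist.
    $value = (Get-Item -Path $ParamsKey).GetValue('SMB1')
    if ($value -eq $null) { return 'Enabled (SMB1 value absent, which is the default)' }
    if ($value -eq 0)     { return 'Disabled (SMB1 = 0)' }
    return "Enabled (SMB1 = $value)"
}

function Get-PatchReadiness {
    # ServicePackMajorVersion is 0 when no service pack is installed.
    $os = Get-WmiObject -Class Win32_OperatingSystem
    New-Object PSObject -Property @{
        Caption     = $os.Caption
        Version     = $os.Version
        ServicePack = $os.ServicePackMajorVersion
        Smb1Server  = Get-Smb1ServerState
    }
}

function Disable-Smb1Server {
    # Creates the SMB1 value if it is missing and sets it to 0.
    # The change takes effect only after a restart.
    Set-ItemProperty -Path $ParamsKey -Name SMB1 -Type DWord -Value 0 -Force
    Get-Smb1ServerState
}

# Report only; nothing is changed by this call.
Get-PatchReadiness | Format-List Caption, Version, ServicePack, Smb1Server

# Uncomment after testing devices that write to file shares (printers, scanners):
# Disable-Smb1Server
```

To roll back, set the value to 1 with the same `Set-ItemProperty` call and restart.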