We help IT Professionals succeed at work.

WannaCry MS Patch for SBS2011

780 Views
1 Endorsement
Last Modified: 2017-06-07
Does anyone know where i can find the MS Patch for SBS2011 to patch against WananCry Ransomware?

I know SBS2011 is based on Server 2008R2, tried those but it tells me its not for this system

Many Thanks
Comment
Watch Question

Scott CSenior Engineer
CERTIFIED EXPERT

Commented:
Have you ran the automatic updates?  It should get installed automatically.

Author

Commented:
Automatic updates keep failing, then i have to restart in safe mode, and then regular mode again to revert, i think its a SBS2011 problem, dont have this with any 2012 servers
btanExec Consultant
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
There is no official one for 2011. Instead suggest you disable SMB.
For client operating systems:


Open Control Panel, click Programs, and then click Turn Windows features on or off.
In the Windows Features window, clear the SMB1.0/CIFS File Sharing Support checkbox, and then click OK to close the window.

Restart the system.
 
For server operating systems:

Open Server Manager and then click the Manage menu and select Remove Roles and Features.

In the Features window, clear the
SMB1.0/CIFS File Sharing Support check box, and then click OK to close the window.
Restart the system.
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
All you really can do is disable SMBv1. Hopefully that doesn't break anything. Your only other alternative might be to utilize HIPS on that server. However, you would ideally have a roadmap to replace the server.

Author

Commented:
Thanks again all, but in Features on the SBS2011 server, there is no listing for SMBv1 anywhere in the list of features
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012

I highly recommend you test properly, because you do want to be sure nothing breaks. Like things you do with a network printer or scanner (especailly if it sends documents to file shares).
Kyle SantosQuality Assurance Engineer at Dassault Systemes
CERTIFIED EXPERT

Commented:
fwiw, I saw Adam Post this earlier.
https://www.experts-exchange.com/posts/780/While-we're-all-running-around-getting-things-patched-and.html#comments
While we're all running around getting things patched and making sure our clients know how to keep from getting ransomware, let's also take a minute to disable SMBv1 as well. Patching will help this time, but you *know* someone is going to try to find another huge hole in SMBv1 to exploit. No Windows OS after Windows XP uses SMBv1, but MS had to include it in their newer OSes for compatibility. All the OSes that only use SMBv1 have been EOL for years. Let's just get future SMBv1 exploits off the table now, shall we?

https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/

Author

Commented:
I agree, however, no body seems to have a solution to disable SMBv1 on SBS2011, i have an open question on this, but no solution yet.

All the regular posts show methods for Server 2012 and a registry entry for Server 2008 (Supposed to be what SBS2011 was based on) however, the Server 2012 Powershell commands dont work and the registry entry for server 2008 doesn't exist in SBS2011 registry.

Please help!!!!
Natty GregIn Theory (IT)
CERTIFIED EXPERT

Commented:
Use Comodo to protect your server, I normally do not recommend antivirus running on servers but in today's ransom age I have to change that thought until we find a better alternative.. But Comodo has a video showing how it was able to defeat the current wannacry business going on.

While you're at it Patch all systems
Exec Consultant
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
CERTIFIED EXPERT

Commented:
If your server will not update you have more problems than this patch.  Realize the patch is just to slow down the spreading, it does nothing to mitigate the effects.  If run from a station it will still encrypt your shares.

What exactly is the issue with Updates on that server and how are they being done.  SBS is mean to be updated via WSUS and if it is then Windows update will look there.  Have you checked to see if WSUS (if in use) is started and is syncing?
btanExec Consultant
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
I am not in favor to delete away thought the straight answer is that there is no patch for 2011 server build from Windows release. Even the disable of SMB through registry is not tested to verify its invalidity. But to note the registery may very well be the same entries. Blocking of SMB port are another layer to reduce exposure from the whole spirit to mitigate the Wcry threat.

Personal view on this is that we should broaden the way to approach in guidance when there is no point blank recommendation. Deleting qns is a mean to the end but better to have author decide the assessment. May very well still delete if consensus from author is the same..
btanExec Consultant
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
We hope to hear from the author input to close the qns.
Kyle SantosQuality Assurance Engineer at Dassault Systemes
CERTIFIED EXPERT

Commented:
Nice.  It looks like you were able to help them, btan. =)
btanExec Consultant
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Thanks kyle. Hope so too.

Commented:
Its the same patch you would use for Server 2008 R2, The most likely reason you get this error is you require Service pack 1 Installed for the patch to install
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.