Yann Shukor
asked on
Microsoft Security Bulletin MS17-010 - Critical
Hi
One of my customers is asking me to apply the patches recommended by this bulletin
I can't make head or tails of this bulletin: its title refers to Windows SMB Server yet the table below seems to run through all available versions of Windows
When I select one version of the patch it opens a new page with a list of patches for various systems, some of which refer to the initial link
When I try to install some of them I get a message stating that this patch doesn't apply to the system I am on
When I check the Windows Update control panel on all their systems it only mentions optional (non important) updates that are available for installation
I'm not sure what to do; any advice ?
thanks
yann
One of my customers is asking me to apply the patches recommended by this bulletin
I can't make head or tails of this bulletin: its title refers to Windows SMB Server yet the table below seems to run through all available versions of Windows
When I select one version of the patch it opens a new page with a list of patches for various systems, some of which refer to the initial link
When I try to install some of them I get a message stating that this patch doesn't apply to the system I am on
When I check the Windows Update control panel on all their systems it only mentions optional (non important) updates that are available for installation
I'm not sure what to do; any advice ?
thanks
yann
ASKER
Thanks for your response Adam
Why aren't the recommended patches being distributed through the Windows Update control panel ?
It would make life so much easier
In the new page that opens up from the bulletin, besides containing patches for other systems, there are critical or monthly rollup patches - how does one determine which is required ?
If I disable SMBv1 are the patches still necessary ?
Why aren't the recommended patches being distributed through the Windows Update control panel ?
It would make life so much easier
In the new page that opens up from the bulletin, besides containing patches for other systems, there are critical or monthly rollup patches - how does one determine which is required ?
If I disable SMBv1 are the patches still necessary ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Indeed, I searched through Program & Features to see if these updates had previously been installed, and I couldn't find a single one
If you're using WSUS to deploy updates, check the settings on there and make sure everything necessary is approved.
ASKER
Nope, not using WSUS
did you check the installed updates, except for WXP and W2K3 this issue was patched in March (it was a security update)
ASKER
Indeed, I searched through Program & Features to see if these updates had previously been installed, and I couldn't find a single one
Would the patch warn me that it is already installed before attempting to reinstall it ?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
If ne disables SMBv1 are the patches still necessary ?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SMB is the protocol Windows uses for file sharing. When you navigate to a shared folder, that folder's contents are shown through SMB and the files are copied through SMB. Every version of Windows since Windows 2000 has included it as part of the OS, turned on by default. In Windows 7 and later (Server 2008 and later), you can disable or uninstall SMBv1, since they use a newer version of the protocol. The security bulletin includes links to patches released in march that fix the vulnerability in the SMBv1 protocol to prevent the type of attack that occurred over the weekend. To get the right version, click on the version of windows you use and it will open another window with different versions of the patch. Make sure you download the right version. Itanium 64 doesn't work on normal 64 bit OSes, and 32 bit won't install on 64 bit.
If you can't get any of the patches to work for you, disabling SMBv1 is also possible. I wrote out instructions on my blog: https://acbrownit.com/2017/05/15/protect-yourself-from-the-wannacrypt-ransomware/