Big Ransomware Outbreak Today - Be Vigilant

BulletDust · May 13, 2017

geok1ng said:
i can not agree. alll 3 PCs in my house already had the patch when i looked into it yesterday... auto updates works, not perfectly, but better than windows reputation suggests

Until you have issues under Windows 10 Home and it's forced driver installation model breaking everything and you have no option but to disable Windows update completely.

geok1ng · May 14, 2017

BulletDust said:
Until you have issues under Windows 10 Home and it's forced driver installation model breaking everything and you have no option but to disable Windows update completely.

one of them is a W10 32b machine, a 2500K + 780

Deleted member 93354 · May 14, 2017

Zarathustra[H] said:
In most cases, your router/ISP blocks these by default.

In fact, most routers block all ports by default, so it requires some configuring to be exposed to the wan.

The ports for SMB/CIFS are 139 and 445 though.

The problem is if you send an email (spear phishing) which contains another exploit and some dummy opens it, you are already inside the firewall and smb is freely available.

heatlesssun · May 14, 2017

geok1ng said:
i can not agree. alll 3 PCs in my house already had the patch when i looked into it yesterday... auto updates works, not perfectly, but better than windows reputation suggests

The squeaky wheel gets the grease. You're never going to hear about the countless times the Windows updates just work but you'll hear an great deal about the instances where something goes wrong, which is unfortunately inevitable in updating something as complex as Windows. It would be great to see the stats on this, how many times a Windows update causes a problem versus when they don't. I thinking the ratio of no issues to issues is extremely high though. Otherwise I think you'd be hearing a LOT more complaints of systems constantly having problems with updates.

In any case for most people the forced updates are better than malware.

BulletDust · May 14, 2017

heatlesssun said:
In any case for most people the forced updates are better than malware.

Of course if that were the case this worm would never have propagated from machine to machine so efficiently.

There's a plethora of method's that could be used to ensure that people update their Windows machines without stripping the user of all updater control. The fact is stripping the user of all updater control was never about ensuring that updates were applied to the benefit of the end user, stripping the end user of all updater control was always about Microsoft maintaining control over what is their OS.

heatlesssun · May 14, 2017

BulletDust said:
Of course if that were the case this worm would never have propagated from machine to machine so efficiently.

There's a plethora of method's that could be used to ensure that people update their Windows machines without stripping the user of all updater control. The fact is stripping the user of all updater control was never about ensuring that updates were applied to the benefit of the end user, stripping the end user of all updater control was always about Microsoft maintaining control over what is their OS.

I'm not saying Microsoft shouldn't give Home users more options but yes there is a security consideration here.

Nanogrip · May 15, 2017

Why won't these intelligent and talented people use their abilities to thwart or attack known terrorist groups? Wait, maybe they are from those groups?

BulletDust · May 15, 2017

heatlesssun said:
I'm not saying Microsoft shouldn't give Home users more options but yes there is a security consideration here.

The fact is undeniable that a blanket fix that involves forcing a user to install updates does not work when the OS has to run on a huge plethora of different hardware configurations and runs a hybrid kernel. If the hardware was controlled, like OSX/macOS, then it would defiantly be an option: But as it stands at the moment the Windows 10 updater is broken.

B00nie · May 15, 2017

Shintai said:
That's your own statement. Seems to work just fine.

Those not patched tend to be a decision not to patch yet or software that is not supported from long ago. But why be bothered about any facts.

Those not patching their windows are doing it because they're accustomed to every update breaking something or changing the way windows works (for the worse).

heatlesssun · May 15, 2017

BulletDust said:
The fact is undeniable that a blanket fix that involves forcing a user to install updates does not work when the OS has to run on a huge plethora of different hardware configurations and runs a hybrid kernel. If the hardware was controlled, like OSX/macOS, then it would defiantly be an option: But as it stands at the moment the Windows 10 updater is broken.

The average person simply isn't qualified to be individually controlling updates. Yes stuff can go wrong and there should be better in the box tools for that situation I agree. But NO ONE should be rejecting remote code execution flaws out of hand without a LOT of good reasons and understanding of what they are doing.

Schtask · May 15, 2017

maxius said:
if you work in

Likely using more attack vectors

Not a new variant. 3rd parties are getting a hold of samples and hex editing out the kill switch. Patch is 100% effective and should be regarded as first step in mitigation if disabling SMBv1 is not an option.

Schtask · May 15, 2017

Nanogrip said:
Why won't these intelligent and talented people use their abilities to thwart or attack known terrorist groups? Wait, maybe they are from those groups?

Intelligent individuals should have patched their environments back in March. When NSA tools are distributed Security Teams should be assessing risk and proactively conveying those assessments to networking teams and management to get resolution as quickly as possible.

Schtask · May 15, 2017

Crixus said:
Intelligent individuals should have patched their environments back in March. When NSA tools are distributed Security Teams should be assessing risk and proactively conveying those assessments to networking teams and management to get resolution as quickly as possible.

However, I understand that even with proper risk assessment and notification to the correct teams will not always equal patching in a timely matter. Especially when business critical devices are concerned.

BulletDust · May 15, 2017

heatlesssun said:
The average person simply isn't qualified to be individually controlling updates.

The average person was never disabling updates in Windows 7, they kept putting off installing them as the Windows updating process is an inconvenient PITA. It's the result of a pointless attempt to hold onto legacy compatibility. Furthermore, applying a blanket, forced, installation process is actually making the problem worse as people completely disable the Windows updater as that's all the control they have over it unless they want to install third party 'freeware' running as Administrator - And even then the freeware doesn't resolve all issues.

Big Ransomware Outbreak Today - Be Vigilant

BulletDust

Supreme [H]ardness

geok1ng

2[H]4U

Deleted member 93354

Guest

heatlesssun

Extremely [H]

BulletDust

Supreme [H]ardness

heatlesssun

Extremely [H]

Nanogrip

Limp Gawd

BulletDust

Supreme [H]ardness

B00nie

[H]F Junkie

heatlesssun

Extremely [H]

Schtask

Limp Gawd

Schtask

Limp Gawd

Schtask

Limp Gawd

BulletDust

Supreme [H]ardness