Greets
Here is the link to Microsoft Security Bulletin MS17-010 - Critical
Security Update for Microsoft Windows SMB Server (4013389)
includes win 7 & 8 & 10 & Server & etc
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
here is the link for XP, Vista, Win 8, Win Server
http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598
please review the entire page links, disclaimers, etc.
ALSO please bear in mind that any of the above **WILL** make more changes than advertised,
they may introduce features that you do not want, and may break functionality that you actually need.
before patching always make and test complete backups.
You should already HAVE complete backups no older than 1 week old.
to reiterate
make multiple backups before doing anything.
back up your REGISTRY
back up your O/S
back up your apps
back up your userdata
test your backups - by that I mean change stuff, restore from backup, and confirm that the restore actually worked!
You *should* be doing backups at least monthly, preferably weekly.
if it's your business, then do it daily on removable media and take it offsite. with 64G and 128G thumbdrives there is no reason not to.
IF YOU RUN LINUX or UNIX - make absolutely sure your O/S vendor supports the METHOD and MEDIA of your choice,
and TEST IT!!!
Whilst working for the now long gone sun micro, I had to inform any number of unfortunate
cheap frugal EU customers that the backups
they had been taking for over a year of their UNIX server onto an ancient Sun Workstation onto a USB thumbdrive were not readable because
a) only one brand and style of thumbdrive was supported at the time of manufacture ( ~2002 )
b) that brand and style "went under" ~ 2005
c) the thumbdrives he was using were not even recommended for UNIX by the maker
d) they only found out the backups weren't readable cuz they needed to restore them NOW
e) they never did a "restore test" or a "longevity test" of the thumbdrives
f) the fact that he could read and write "small files" as a test was literally irrelevant - it was "unsupported" and therefore he was boned.
Even further back I had to tell a bunch of cheapskates ( again EU, I don't understand it) that the UNIX dump utility WAS NOT a suitable backup method. They insisted that "their Sales Rep set it up, and it worked fine". When asked why they were calling in "for support" they replied
well, the restore isn't working right..... had to tell them the state of the memory and disk was dynamic and therefore could not be guaranteed
a) it was "unadvised"
b) it was "unsupported"
c) their only recourse was to go to the guy who set it up
but I would be happy to get a manager and we could make a call to their VP of IT and explain how and why they were going down the tubes...
also - Update -
FYI this virus is one of the RANSOMWARE dealies. It encrypts everything on your hard drive and then demands $300 or more in
untraceable internet money aka BITCOINS.
This is mainly spread thru email that looks like it's from someone you know or have already corresponded with.
that's one of the cute tricks in this delivery: the Bad Guys apparently bought the user data that was hacked from Yahoo Mail about 2+ years ago. they used the address books to "spoof" the ID of the sender to look like, say, my yahoo email address, then used the address book to send the virus to people "I" would know and have sent email to.
Fortunately I educated Mrs Marvel and my friends - they looked at the raw email, saw the link was obfuscated, and THEN noticed it was my old, now dead and abandoned yahoo email address that had been previously stolen!
Oh yeah, the Bad Guys also tried sending me several emails that look almost exactly like an official email from amazon or paypal.
But I could tell, and forwarded them to the appropriate authorities at both amazon and paypal. No replies from them, but I have learnt not to
expect any.
That's one reason why I stopped using server-based address books. If you use a local PC email reader and local address books & etc, like Mozilla Thunderbird, it keeps MORE of your stuff off the "cloud" ... which we can see is so easily compromised.
The patches are all well and good, but they only come out AFTER a virus or worm attack.
Closing the door after the horses ran off. And the barn burned down.
If you run your browser and email INSIDE a service like SANDBOXIE anything a virus can do inside sandboxie is stuck inside that "sandboxed area". The virus, if executed, can collect passwords you used in the sandbox or use your email from inside the sandbox, but it can't
affect your harddrive.
hope this helps.
yhs
prof marvel