Kaseya Community

Need help with WannaCry/pt?

  • Due to recent events surrounding the recent outbreak of the “WannaCry” ransomware, the WannaCry/Crypt has made international headlines due to the rate of spread for a ransomware attack.  The technical community is still assessing the full impact and it is important to understand the vulnerability for the attack was a known vulnerability in Windows.  Those with patched OS's should not be affected.

    Kaseya experts have worked together to assist customers during their investigation to quickly and easily create a report that identifies machines that may be at risk if they do not have the security monthly rollup or the MS17-010 patches. We have provided two options in which to generate a report, Option 1 being a report based on using log data and Option 2 based on using a custom field.  We have made the solution available through the Knowledge Base and on Automation Exchange.

    1. KB Article Link – https://helpdesk.kaseya.com/hc/en-gb/articles/115007466387
    2. KB Article# - 115007466387
    3. Automation Exchange Link -  https://automationexchange.kaseya.com/products/380

     

    Special Note: If you have Windows XP/2003/embedded/vista machines, specific patches were released for those, and you can easily manage this through Patch Management without any further intervention. 

    These tools are not to be used as substitute for thorough investigation and patch strategy.

  •  Thanks.

    "Special Note: If you have Windows XP/2003/embedded/vista machines, specific patches were released for those, and you can easily manage this through Patch Management without any further intervention."

    Can you double check on this?  While we have the patches released from back in April, I don't see any of the patches released in May for Windows XP or Server 2003 listed in the VSA.

  • @Brian - thanks for asking.  Clarification below verified technically...

    You won't see any May patches for Windows XP or Server 2003 on the VSA. These are legacy OS, not supported by Microsoft anymore. While Microsoft did release a special update for this occasion as an exception, they cannot be found by Patch Management in the VSA due to the way they were published by Microsoft.

    Here is an article about these special updates: blogs.technet.microsoft.com/.../customer-guidance-for-wannacrypt-attacks

  • The KB and Automation Exchange procedure were updated today to support 32-bit machines.  

    As we get additional feedback, information, or learnings, we will continue to make updates.  You can check the edit notes or here on the community.