This is interesting, and perhaps not unexpected: a vulnerability in Windows SMB 1 (used for shared drives) which was patched by Microsoft in March
April, has been exploited.
It’s hit unpatched computers in numerous countries – most infamously, the UK’s National Health Service.
Despite what some Australian media is reporting, this tracker shows we are not immune, though the impact may be reduced for now thanks to the weekend. It could be a different story on Monday.
For now it appears to have stopped thanks to someone finding a “kill switch”, but no doubt it or another version will hit again.
The lesson here for any of your computers that are connected to a network:
Patch them. Keep them up to date — preferably set them to automatically install patches.
You can also disable SMB 1 — note there are server and client portions, and that later versions of Windows make this a lot easier than earlier ones.
If you’re using Vista or older, find out about getting an upgrade. Vista patches stopped being issued earlier this year. You’ll be safe from this specific attack if you’re patched, but maybe not the next one. (Windows 7 keeps going until 2020.)
My assumption is that home users who use a broadband modem of some kind may not be at immediate risk this time from outside attack, since the modem can function as a basic firewall, but accidentally running an infected file from an email or web site could bring it in.
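One way to check and disable both the server and client portions of SMB 1 mentioned above. This is an added example, not part of the original post. It assumes an elevated PowerShell prompt; the `-Apply` switch is this example's own, and the client check (looking at the `mrxsmb10` driver's start type) is a heuristic.

```powershell
# Added example: report (default) or disable SMB 1, server and client portions.
# Run elevated. Without -Apply (a switch defined by this example) nothing is changed.
param([switch]$Apply)

$lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$driverKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10'
$modern = [Environment]::OSVersion.Version -ge [Version]'6.2'  # Windows 8 / Server 2012 or later

# --- Server portion ---
if ($modern) {
    $serverOn = (Get-SmbServerConfiguration).EnableSMB1Protocol
    if ($Apply -and $serverOn) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
} else {
    # Vista / 7 / Server 2008: no SMB cmdlets, so use the registry value.
    # A missing value means SMB 1 is on (the default).
    $value = (Get-ItemProperty -Path $lanman -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    $serverOn = ($value -ne 0)
    if ($Apply -and $serverOn) {
        Set-ItemProperty -Path $lanman -Name SMB1 -Type DWord -Value 0
    }
}
Write-Output "SMB 1 server portion enabled: $serverOn"

# --- Client portion: the mrxsmb10 driver (start type 4 = disabled) ---
$driver = Get-ItemProperty -Path $driverKey -ErrorAction SilentlyContinue
$clientOn = ($null -ne $driver) -and ($driver.Start -ne 4)
if ($Apply -and $clientOn) {
    $feature = $null
    if ($modern) {
        $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    }
    if ($feature) {
        # Windows 8.1 / 10: removing the optional feature covers client and server.
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
    } else {
        # Older Windows: drop the workstation service's dependency on the
        # SMB 1 driver, then disable the driver itself.
        sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
        sc.exe config mrxsmb10 start= disabled
    }
}
Write-Output "SMB 1 client portion enabled: $clientOn"
# The values printed are the state found before any change; restart to finish.
```

Run it once without `-Apply` to see the current state, and check that nothing on the network (old printers, NAS boxes) still depends on SMB 1 before applying.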
This attack has been serious, and other future ones will be too. So stay up to date, and stay safe.
- Blatant plug: If you’re in southeast Melbourne and have no idea how to fix your computer, my brother-in-law runs this company that may be able to help: Bayside PC Services
- In this blog post, Microsoft basically tells governments that they shouldn’t keep discovered vulnerabilities secret and exploit them for themselves (as the NSA did in this case, until that information was stolen) — that they should instead tell vendors so they can be fixed quickly. Difficult to argue with that.
- Update May 2021: This new article notes that it is still a threat.