Important message for Windows 10 users
As you heard, yesterday a lot of systems around the world were infected by malware named WannaCry. Like any malware, WannaCry infects the machine by encrypting all its files and requests an amount of money in exchange for the key required to restore the data.
This malware uses a remote command execution vulnerability through SMB and is distributed to other Windows machines on the same network. The vulnerability (MS17-010) is linked to Microsoft machines and can affect Windows Vista, 7, 8, 10 and versions of the Windows Server software. Microsoft initially announced the vulnerability on March 14 and recommended that users patch their devices.
Microsoft fixed MS17-010 in its March release, but it is likely that the affected organizations did not patch their devices before the malware spread.
Due to the situation, Microsoft decided to make the security update for platforms in custom support only (Windows XP, Windows 8, and Windows Server 2003) broadly available for download.
Please read the announcement here: Customer Guidance for WannaCrypt attacks.
For more detailed information, please check this article: WannaCrypt ransomware worm targets out-of-date systems
- Make sure that the NetBIOS and SMB ports (135.139 and 445) are not listening for external connections.
- Migrate all your unsupported operating systems, such as Windows XP and Windows Server 2003, as they are out of extended support.
- Review the Microsoft support policy and plan the migration of unsupported operating systems, and of those that will go out of support soon, to Windows 10.
- Implement the patches from Microsoft.
- If you have systems running Windows Server 2003:
  - Disable any web server running on Windows Server 2003 with WebDAV enabled.
  - Disable any publicly accessible RDP port running on Windows Server 2003.
- Disable all RDP ports exposed to the Internet. If there is a critical business need to enable one, then strict security controls must be enabled, such as but not limited to two-factor authentication, monitoring of incoming connections and strict password policies. Domain admins should never have RDP access rights.
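
To check a single Windows host against the list above, here is an added PowerShell example (not part of the original post). It assumes the ports in the first item are read as 135, 139 and 445, uses the RDP port configured in the registry, and checks only the built-in Remote Desktop Users group for Domain Admins.

```powershell
# Added example: local audit of the exposures named in the list above.
# Assumption: the NetBIOS/SMB ports are read as 135, 139 and 445.
$ports = @{ 135 = 'RPC endpoint mapper'; 139 = 'NetBIOS session service'; 445 = 'SMB' }

# RDP may have been moved off its default port, so read the configured one.
$tsKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpPort = [int](Get-ItemProperty -Path "$tsKey\WinStations\RDP-Tcp" -Name PortNumber).PortNumber
$rdpOn   = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections -eq 0
$ports[$rdpPort] = 'RDP'

# 1. Listeners on the watched ports bound to anything other than loopback.
$exposed = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $ports.ContainsKey([int]$_.LocalPort) -and
                   $_.LocalAddress -notin '127.0.0.1', '::1' } |
    Select-Object LocalAddress, LocalPort,
        @{ Name = 'Service'; Expression = { $ports[[int]$_.LocalPort] } },
        @{ Name = 'Process'; Expression = {
            (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName } }

# 2. A firewall profile that is switched off leaves those listeners reachable.
$profilesOff = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }

# 3. Domain Admins (RID 512) in Remote Desktop Users (S-1-5-32-555).
#    Local Administrators also receive RDP logon by default and are not checked here.
$rdpAdmins = Get-LocalGroupMember -SID 'S-1-5-32-555' -ErrorAction SilentlyContinue |
    Where-Object { $_.SID.Value -like 'S-1-5-21-*-512' }

"RDP enabled: $rdpOn (configured port $rdpPort)"
if ($exposed) {
    'Listeners reachable from other hosts:'
    $exposed | Sort-Object LocalPort | Format-Table -AutoSize
} else {
    'No non-loopback listeners on the watched ports.'
}
if ($profilesOff) {
    "Firewall profiles disabled: $($profilesOff.Name -join ', ')"
}
if ($rdpAdmins) {
    "Domain Admins present in Remote Desktop Users: $($rdpAdmins.Name -join ', ')"
}
```

A listener reported here is only reachable from outside if the host and perimeter firewalls allow it, so pair the output with a review of the inbound rules for the same ports.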