WannaCry Virus
Description:
Last week, a new worm was unleashed that hit many organizations that had certain ports exposed to the internet. This is a guide to avoiding the attack:
To Resolve:
- The main fix: Block 139/445 at firewall, patch all servers
- More detailed:
- Check if SMB1 is enabled (2012 and above):

```powershell
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol
```

- 2008 R2 and below:

```powershell
Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" -Name SMB1
```

- If you want to fix it on an individual machine (2012 and above):

```powershell
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Confirm:$false
```

- Fixing an individual system on 2008 R2 and below:

```powershell
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" -Name SMB1 -Type DWORD -Value 0 -Force
```
- If you want to fix it network-wide, use a GPO to disable it (works for all OSes):

```
Computer Configuration\Preferences\Windows Settings\Registry:
Action: Update
Hive: HKEY_LOCAL_MACHINE
Key Path: SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Value name: SMB1
Value Type: REG_DWORD
Value Data: 0 (hexadecimal)
```
- Things this will break if you implement these fixes: mainly scan-to-folder functions on multifunction printers. Check Reddit for others.
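
The two checks above combined into one audit function, as an added example that is not part of the original post. It uses `Get-SmbServerConfiguration` where the cmdlet exists, falls back to the registry value on older systems, and treats a missing `SMB1` value as enabled, since that is the server default. The function name `Get-Smb1ServerState` is hypothetical, and the code assumes an elevated session plus PowerShell remoting for any remote targets.

```powershell
# Added example: audit SMB1 server state locally or on remote hosts.
# Assumes an elevated session; remote targets need PowerShell remoting (WinRM).
function Get-Smb1ServerState {
    [CmdletBinding()]
    param([string[]]$ComputerName = @($env:COMPUTERNAME))

    $probe = {
        $regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        $source  = 'Registry'
        $enabled = $null

        # Server 2012 / Windows 8 and above provide the SMB cmdlets.
        if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
            $enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
            $source  = 'Get-SmbServerConfiguration'
        }
        else {
            # 2008 R2 and below: read the registry value directly.
            $prop = Get-ItemProperty -Path $regPath -Name SMB1 -ErrorAction SilentlyContinue
            if ($null -eq $prop) {
                # Value absent: SMB1 was never explicitly disabled, so the default (enabled) applies.
                $enabled = $true
                $source  = 'Registry (SMB1 value not set)'
            }
            else {
                $enabled = ($prop.SMB1 -ne 0)
            }
        }

        New-Object PSObject -Property @{
            Computer    = $env:COMPUTERNAME
            SMB1Enabled = [bool]$enabled
            Source      = $source
        }
    }

    foreach ($computer in $ComputerName) {
        try {
            if ($computer -eq $env:COMPUTERNAME) { & $probe }
            else { Invoke-Command -ComputerName $computer -ScriptBlock $probe -ErrorAction Stop }
        }
        catch {
            Write-Warning "$computer : could not query SMB1 state ($($_.Exception.Message))"
        }
    }
}

Get-Smb1ServerState | Select-Object Computer, SMB1Enabled, Source
```

On 2008 R2 and below the registry change only takes effect after a restart, so re-run the audit after rebooting to confirm the result.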