This is an advisory post to help you confirm if your Windows devices are protected from the current ransomware attack, by having the critical Windows patch installed.
We’ve published a knowledge base article that explains in specific steps how to use Patch Management in the RMM Dashboard to check if your devices are protected – please see:
We’ve devised the list of Windows cumulative updates that contain the MS17-010 patch, which is listed below.
To determine if a cumulative update is superseded or not, you can use the Microsoft Update Catalog:
- Go to http://www.catalog.update.microsoft.com
- Search for one of the patches below (for example KB4015549)
- In the list of results, select the relevant OS version
- In the popup window, click the Package Details Tab, and view the box entitle ‘This update has been replaced by the following updates:’
- Click on any link in that box, to open the more recent patch
- Repeat steps 4 and 5 until This update has been replaced by the following updates shows N/A. The patch which shows N/A is the most recent cumulative update.
Following the above process we have established that the critical MS17-010 patch is bundled into these KBs, grouped by OS. If your device has one of these updates, it will have the essential MS17-010 patch as well.
Patches broken down by Operating System then by KB number:
- Windows XP SP3 32-bit, Windows XP SP2 64-bit, Windows Server 2003 SP2 32-bit and 64-bit, Windows Vista SP2 32-bit and 64-bit, Server 2008 SP2 32-bit and 64-bit:
- Windows 7 SP1 32-bit and 64-bit, Windows Server 2008 R2 SP1 64-bit:
- Windows 8.1 32-bit and 64-bit, Windows Server 2012 R2:
- Windows Server 2012:
- Windows 10 32-bit and 64-bit:
- Windows 10 version 1511 32-bit and 64-bit:
- Windows 10 version 1607 32-bit and 64-bit, Windows Server 2016 64-bit: