Archive for the ‘Windows 2012 R2’ Category

“WannaCrypt”–Patch first and then verify deprecation of SMBv1

May 15, 2017

Due to the ongoing “WannaCrypt” attacks, it is highly recommended to review whether you rely on SMBv1. This feature is installed by default but is mostly not in use anymore. The WannaCrypt threat uses publicly available exploit code for the patched SMB vulnerability, CVE-2017-0145, which can be triggered by sending a specially crafted packet to a targeted SMBv1 server. The exploit code used is designed to work only against unpatched Windows 7 and Windows Server 2008 (or earlier OS) systems, so Windows 10 PCs are not affected by this exploit attack. The vulnerability was fixed in security bulletin MS17-010, which was released on March 14, 2017.

“WannaCrypt” attacks – If you have automatic updates enabled or have installed the update, your systems are protected against this attack. We encourage you to install the update as soon as possible.

Please check out the guidelines below:

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ransom:Win32/WannaCrypt

https://blogs.technet.microsoft.com/mmpc/2017/05/12/wannacrypt-ransomware-worm-targets-out-of-date-systems/

https://blogs.technet.microsoft.com/mmpc/2016/05/18/the-5ws-and-1h-of-ransomware/

MS17-010 for Windows 2012 R2 – KB4012216 direct download here

MS17-010 for Windows 2016 – KB4013429 direct download here

You can verify which SMB version your servers are using with “Get-SmbConnection | fl Servername,Dialect”

If you want to uninstall SMBv1, you can do so by running the command below, but you should verify first that nothing still depends on it.

Get-WindowsFeature | where {$_.Name -match "FS-SMB1"} | Remove-WindowsFeature

If you want to remove it on a bunch of servers, e.g. in a cluster, you can do something like this
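
One way to do this across cluster nodes, as an added example that is not the author's original snippet. It assumes the FailoverClusters module, PowerShell remoting to every node, and that SMB1 connections and sessions are reported with a 1.x dialect; `Get-Smb1Status` is a hypothetical helper name.

```powershell
# Added example (not from the original post). Run from a cluster node or a
# management host that can reach the local cluster.
Import-Module FailoverClusters

function Get-Smb1Status {
    param([Parameter(Mandatory)][string[]]$ComputerName)

    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        $feature = Get-WindowsFeature -Name FS-SMB1

        # Assumption: SMB1 shows up with a dialect of 1.x.
        # Inbound: clients currently talking SMB1 to this node.
        $inbound  = @(Get-SmbSession    | Where-Object { $_.Dialect -like '1.*' })
        # Outbound: servers this node currently reaches over SMB1.
        $outbound = @(Get-SmbConnection | Where-Object { $_.Dialect -like '1.*' })

        [pscustomobject]@{
            Node          = $env:COMPUTERNAME
            Smb1Installed = $feature.Installed
            Smb1Inbound   = $inbound.Count
            Smb1Outbound  = $outbound.Count
            Smb1Peers     = (@($inbound.ClientComputerName) + @($outbound.ServerName) |
                             Sort-Object -Unique) -join ','
        }
    }
}

# 1. Verify first: this is a point-in-time snapshot, so repeat it over a
#    representative period before concluding that nothing uses SMB1.
$nodes  = (Get-ClusterNode).Name
$status = Get-Smb1Status -ComputerName $nodes
$status | Format-Table Node, Smb1Installed, Smb1Inbound, Smb1Outbound, Smb1Peers -AutoSize

# 2. Remove only where SMB1 is installed and no SMB1 traffic was observed.
$candidates = $status | Where-Object {
    $_.Smb1Installed -and $_.Smb1Inbound -eq 0 -and $_.Smb1Outbound -eq 0
}
foreach ($c in $candidates) {
    # -WhatIf only reports what would be removed; drop it after reviewing the table.
    Uninstall-WindowsFeature -Name FS-SMB1 -ComputerName $c.Node -WhatIf
}

# Nodes that still show SMB1 peers need those peers fixed before removal.
$status | Where-Object { $_.Smb1Inbound -gt 0 -or $_.Smb1Outbound -gt 0 } |
    Select-Object Node, Smb1Peers
```

Removing the feature requires a restart, so drain and reboot the nodes one at a time.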

Here is some more guidance on how to enable/disable a specific SMB version –> https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012

https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/

https://blogs.technet.microsoft.com/josebda/2015/04/21/the-deprecation-of-smb1-you-should-be-planning-to-get-rid-of-this-old-smb-dialect/

Stay secured!

Ramazan

Recommended hotfixes for Windows 2012 R2 failover clusters

April 27, 2016

There is no longer any need to keep your own lists of clustering patches, as these are now summarized in KB2920151. This includes the recommended Failover Cluster patches as well as the Hyper-V patches.

Windows Server 2012 Failover Cluster patches are covered in KB2784261 and the recommended patches for Windows Server 2012 Hyper-V can be found here

It is worth taking a look at it to keep your clusters healthy. Stay tuned.

KB3000850–November Rollup 2014

December 4, 2014

3000850 is a recommended rollup for failover clusters. Besides a few others, a lot of fixes around Hyper-V and Clustering are included.

A cumulative update that includes the security updates and nonsecurity updates including Failover Clustering updates that were released between April 2014 and November 2014. Available from Windows Update and for individual download from Download Center. To apply this update, you must first install the update 2919355 on Windows Server 2012 R2.

Check out the details here

http://support.microsoft.com/kb/3000850

http://support.microsoft.com/kb/2920151