So we just finished rolling out updates to a bunch of our Windows 2012 R2 servers, right in time for the WannaCry malware breakout, which exploits a vulnerability on smbv1 protocol. If you haven’t been keeping up with security patches, these are the list of patch that you need to get for Windows Server 2012 R2, and Windows 8.1.
If you’re on Window Server 2012 R2, install these prerequisites if you haven’t :
As for Windows 2008 R2, you need to have:
If you’re one of those unfortunate guys that stuck with Windows 2003 boxen, you need to have:
And then the patches:
- Windows Server 2012 R2 :
- Windows Server 2008 R2
- Windows Server 2003
You need to install KB2919442 first, then KB2919355, and then either KB4012213 or KB4012216. If you can’t patch yet, then follow these instructions to disable smbv1 on your system. Keep in mind that this will also shut off the file server function from clients using Windows Server 2003 and XP workstations.
As for patching the rest of your horde of windows machines, go here, or here, if you’re stuck with Windows Server 2003 and XP. And last but not least, test the patch first.