May 14, 2017

Microsoft Release wannacry/cryware Ransomware patch for Windows XP and Windows Server 2003

By pdhewjau Blog 2 Comments

On my previous blog, I have shared my knowledge on how wannacry/cryware Ransomware has been infecting the computers worldwide. This ransomware that spreads like a worm by leveraging vulnerabilities that have been previously fixed. While security updates are automatically applied in most computers, some users and enterprises may delay deployment of patches. While the attack is unfolding, we remind users to install MS17-010 if they have not already done so as I have requested on my last blog. Also, Microsoft Release wannacry/ cryware Ransomware Patch for Windows XP and Windows Server 2003 which are End of life Product. But now how to download these patches.

if you go to the link

https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

you will find updates above Vista and on server side you will find the updates from Server 2008 only. Hence, I am sharing the link from where you can download the patches for Windows XP SP3 and Server 2003.

To Download the updates please click on below link.

http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598

If you are not able to open the download page, you can directly download from here:

For Windows XP SP3

For Windows 8

Security Update for Windows 8 (KB4012598)

http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/05/windows8-rt-kb4012598-x86_a0f1c953a24dd042acc540c59b339f55fb18f594.msu

Security Update for Windows 8 for x64-based Systems (KB4012598)

http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/05/windows8-rt-kb4012598-x64_f05841d2e94197c2dca4457f1b895e8f632b7f8e.msu

For Server 2003

Security Update for Windows Server 2003 for x64-based Systems (KB4012598)

http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsserver2003-kb4012598-x64-custom-enu_f24d8723f246145524b9030e4752c96430981211.exe

Security Update for Windows Server 2003 (KB4012598)

http://download.windowsupdate.com/c/csa/csa/secu/2017/02/windowsserver2003-kb4012598-x86-custom-enu_f617caf6e7ee6f43abe4b386cb1d26b3318693cf.exe

Indicators of compromise

SHA1 of samples analyzed:

51e4307093f8ca8854359c0ac882ddca427a813c
e889544aff85ffaf8b0d0da705105dee7c97fe26

Files created:

%SystemRoot%\mssecsvc.exe
%SystemRoot%\tasksche.exe
%SystemRoot%\qeriuwjhrf
b.wnry
c.wnry
f.wnry
r.wnry
s.wnry
t.wnry
u.wnry
taskdl.exe
taskse.exe
00000000.eky
00000000.res
00000000.pky
@WanaDecryptor@.exe
@Please_Read_Me@.txt
m.vbs
@WanaDecryptor@.exe.lnk
@WanaDecryptor@.bmp
274901494632976.bat
taskdl.exe
Taskse.exe
Files with “.wnry” extension
Files with “.WNCRY” extension

Registry keys created:

HKLM\SOFTWARE\WanaCrypt0r\wd

Karthik Selvaraj, Elia Florio, Andrea Lelli, and Tanmay Ganacharya
Microsoft Malware Protection Center

Check my Next blog to push these update using GPO

Tags:cryware, Eternalblue, Ransomware Patch, Shadow brokers, wannacry, Windows Server 2003, Windows XP

About Author

pdhewjau

Prashant is a Principal Cybersecurity Specialist at Thakral One Nepal. His prior position as a Modern Work Security Specialist at Microsoft saw him providing invaluable guidance to major clients in Bangladesh, Brunei, Cambodia, and Myanmar, assisting them with their foundational security needs. Awarded the esteemed Microsoft Most Valuable Professional (MVP) accolade in 2017, Prashant is recognized globally among Microsoft peers. Since 2010, he has imparted his expertise as a Microsoft Certified Trainer (MCT), conducting specialized training across Nepal.

2 Comments

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.