Its just the various security researcher blogs, kaspersky labs analysis bulletins, etc. etc. nothing special to it - you'd have to have been following the updates semi frequently as they progressed to have the picture of it that I do.
NHS computer systems hacked!?
- Thread starter Tone1979
- Start date
Its just the various security researcher blogs, kaspersky labs analysis bulletins, etc. etc. nothing special to it - you'd have to have been following the updates semi frequently as they progressed to have the picture of it that I do.
I have been follwing it from the start, but want to ensure any wee small bit of info isn't missed.
Caporegime
So I'm at work checking out the PCs (Win 7 SP1 32 bit), what update should I be looking for in control panel to show we had the March update patch
I've got an update on 16th March - KB2952664
The next is 12th Apr - KB4014565
I've googled around but these don't seem to match up with the specific SMB vunerability patch MS released in March?
I've got an update on 16th March - KB2952664
The next is 12th Apr - KB4014565
I've googled around but these don't seem to match up with the specific SMB vunerability patch MS released in March?
Associate
Try looking for MS17-010 - I think that should do it.
Caporegime
- Joined
- 30 Jul 2006
- Posts
- 12,129
I have been following as many of the updates as I can semi frequently and based on your many posts, you do know a lot. However, in fairness, you do come across as a bit of an armchair expert who is not particularly interested in clarifying or summarising.
Based on your insight, why not put together an informed and informative post explaining:
- How this malware reached PCs (e.g. email, IP address and open port)
- If by email, what was the content of the email (URL, attachment)
- If an attachment, what was it (I have seen references to Word document or .PDF)
- How any affected organisation or person can recover (aside from restoring from a backup)
- What lessons the average (e.g. GP IT support person) can learn from this event
If you decide to take my challenge, many thanks; if not, thanks for reading so far
Last edited:
Well, in fairness Labour did have the option to switch from XP to 7 before the money ran out.
Security patches only work if they are installed. Chatting with a buddy in NHS Wales IT this appears to be why England got hit hard and Wales didn't, better patching policies. Considering how much the NHS pays Microsoft for continued XP patches somebody is probably about to catch hell in England.
Soldato
You need to find the KB number listed for combination of OS and update method in the link Azza posted. AFAIK you won't see MS17-010 listed, just a KB number.
For instance, I've so far got this list of KB patches which include MS17-010 on Windows Server
KB4012212 - Windows Server 2008
KB4012217 KB4015551 KB4019216 - Windows Server 2012
KB4012216 KB4015550 KB4019215 - Windows Server 2012 R2
KB4013429 KB4019472 KB4015217 KB4015438 KB4016635 - Windows Server 2016
Hmm, well I dont see KB4012215 in the PC, so I don't have the patch?
I've done 'check for updates' and it says no important updates available...
Cheers, I can see this one on the server, it came in on Friday and is waiting for a restart to apply it
As above, I can see one of those monthly rollup KBs on our server waiting to be applied, I just can't see any individual or monthly roll up on the individual PC
Sorry, I'm not a techy so not 100% sure what I'm looking for tbh
Have they? The Govt didnt pay microsoft this year and left it to the Trusts and GPs own IT people to strike an individual deal with Microsoft for XP patches. WIll be interesting to see how many Trusts didnt buy the patches never mind install them.
Ooh, Interesting.
Soldato
Sorry to hear that. Hopefully they can get you in soon.
If you have any monthly rollup since March 2017 that's been successfully applied, you'll have the patch to protect you.
Cheers pal,
I spoke to them this morning. They confirmed they still aren't allowed to turn their computers on yet.
I actually feel quite bad for them. Its not their fault and theyve got a nightmare to deal with...And then the backlog to get through.
Soldato
Patched or not - you forget that you still have to be stupid enough to open the attachment on these emails. In a home you have the small % users opening the attachment and infecting their machine and limited to probably 1 device. In a corporate environment you have a lot of users and it only takes one fool to open it to infect their machine and the malware will then try to infect other machines on the network or shared drives which is a much easier propagation of the malware.