
Azure users told they're not WannaCrypt-proof

Microsoft advises how to harden cloudy Windows, cos it runs a cloud not your OS

By Richard Chirgwin, 18 May 2017

Microsoft Windows users already know what to do to defeat WannaCrypt (unless they've been asleep for a week). Now the company's published its advice for its Azure customers.

Since there aren't any surprises in Microsoft's note for Azure users, Vulture South suspects this is a prod for people who are slow to respond or complacent about security.

WannaCrypt is the ransomware/worm built using NSA exploits leaked by Shadow Brokers. It exploits a bug in the ancient and should-have-been-retired SMB1 protocol as one of its most important vectors.

That bug (CVE-2017-0145) was plugged by Microsoft in its service pack – all the way back to Windows XP, so serious was it – but there's a bit of work for Azure users to secure their cloudy computers.

Microsoft writes that customers should review any services that expose SMB endpoints to the Internet (or perhaps just hit yourself with the clue-stick because that exposure should be avoided). The appropriate IP ports (TCP 139, TCP 445, UDP 137 and UDP 138) should be blocked at the firewall unless absolutely essential.

Follow these instructions if you haven't already disabled SMB1, and watch your environment with Azure Security Center.

Windows Update should have taken care of users running Azure Cloud Services or IaaS, and all guest operating system versions released since March 14 include MS17-010.

Finally, use Network Security Groups to restrict network access; run malware protection; and apply multi-factor authentication to all backups. ®
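The port-blocking and Network Security Group advice above can be checked mechanically. The following is an added example, not code from Microsoft's note or this article: it walks NSG inbound rules in priority order and reports any of the four SMB/NetBIOS ports left open to the whole Internet. It assumes rule fields named as in the JSON printed by `az network nsg rule list`; the sample rules and the function names are constructed for illustration.

```python
# Added example: flag NSG inbound rules that leave SMB/NetBIOS open to the Internet.
# Assumption: rule field names follow the JSON from `az network nsg rule list`.
SMB_PORTS = [("Tcp", 139), ("Tcp", 445), ("Udp", 137), ("Udp", 138)]
INTERNET_SOURCES = {"*", "internet", "0.0.0.0/0"}  # only "whole Internet" sources

def _values(rule, single, plural):
    """Merge the singular and plural forms of an NSG rule field."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def _port_match(rule, port):
    for spec in _values(rule, "destinationPortRange", "destinationPortRanges"):
        if spec == "*":
            return True
        lo, _, hi = spec.partition("-")  # "445" or "400-500"
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def _from_internet(rule):
    srcs = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
    return any(s.lower() in INTERNET_SOURCES for s in srcs)

def exposed_smb(rules):
    """Return [(proto, port, rule_name)] where Internet traffic is allowed in."""
    inbound = sorted((r for r in rules if r["direction"] == "Inbound"),
                     key=lambda r: r["priority"])
    findings = []
    for proto, port in SMB_PORTS:
        for r in inbound:  # lowest priority number is evaluated first
            hit = r["protocol"] in ("*", proto) and _port_match(r, port)
            if hit and _from_internet(r):
                if r["access"] == "Allow":
                    findings.append((proto, port, r["name"]))
                break  # first matching rule decides; later rules are shadowed
    return findings

SAMPLE_RULES = [  # constructed sample, not a real deployment
    {"name": "allow-app-range", "priority": 200, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "Internet", "destinationPortRange": "400-500"},
    {"name": "deny-netbios", "priority": 100, "direction": "Inbound", "access": "Deny",
     "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRanges": ["137-139"]},
    {"name": "allow-all-udp", "priority": 300, "direction": "Inbound", "access": "Allow",
     "protocol": "Udp", "sourceAddressPrefix": "*", "destinationPortRange": "*"},
]

if __name__ == "__main__":
    print(exposed_smb(SAMPLE_RULES))
```

In the sample, TCP 445 is exposed through a port range that never names it, while the broad UDP allow is harmless for 137 and 138 because a higher-priority deny shadows it.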
