WannaCry Ransomware attack is a worldwide global cyber-attack targeting Microsoft Windows operating systems. This malware infects the user’s computer when he/she opens a phishing email or malicious attachments that download the “WannaCrypt” software that encrypts the data on the computer and demands ransom payment via bitcoin currency. Once the payment has been made the data is supposed to be decrypted allowing the user to get back full control of the system, but in many cases, the decryption fails, leaving the data unrecoverable.

At present Microsoft Windows, operating systems starting from Windows XP to Windows 10 and Windows Server 2003 to Windows Server 2016 are all affected by this WannaCry vulnerability.

In March 2017, Microsoft released a security update to address the vulnerability that these attacks are exploiting. For systems that have automatic Windows updates enabled, this security update is pushed to those systems and installed, thus protecting the system from this vulnerability. Those organizations that have automatic Windows updates disabled, or performing those updates manually on a scheduled cadence and have not applied this security update should deploy Microsoft Security Bulletin MS17-010 immediately.

If one of updates from the below table is installed on the system, the system is protected. March, April and May monthly rollups also includes all previous updates including March security update.

  

Operating System 2017 March (Security Only) 2017 May (Monthly Quality) Independent Update Download Link
Windows Server 2003 / 2003 R2 NA NA KB4012598 http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598
Windows Server 2008 NA NA KB4012598 http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598
Windows Server 2008 R2 KB4012212 KB4019264 NA

http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012212 – Security Only
http://www.catalog.update.microsoft.com/Search.aspx?q=KB4019264 – Monthly Roll-up 

Windows Server 2012 KB4012214 KB4019216 NA http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012214 – Security Only
http://www.catalog.update.microsoft.com/Search.aspx?q=KB4019216 – Monthly Roll-up
Windows Server 2012 R2 KB4012213 KB4019215 NA http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012213 – Security Update
http://www.catalog.update.microsoft.com/Search.aspx?q=KB4019215 – Monthly Roll-up
Windows Server 2016 NA KB4019472 NA http://www.catalog.update.microsoft.com/Search.aspx?q=KB4019472 – Monthly Roll-up

  

 

References:

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

https://blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/#sm.00003c9i8m587fd3svy1je9tf3kuv