nanog mailing list archives
Re: Please run windows update now
From: Jonathan Roach <jonathan.roach () oracle com>
Date: Mon, 15 May 2017 22:31:46 +0100
Microsoft aren't stupid. They have learned lessons from the days in the 90s and early 2000s when they were a laughing stock in terms of security, and since then Windows security has improved enormously. OK, so it's not perfect, but what software is? Dirty Cow, Shellshock and Heartbleed for example weren't exactly minor flaws, but the world moved on.

What's key is that administrators need to know how to secure their estates. If they've failed to apply the patch, that's their failure, not Microsoft's, but patching was not the only way to have curtailed this weekend's outbreak. Admins may have had their reasons for not patching - maybe to do so would have invalidated some kind of certification on an embedded system for example - but there should have been other controls in place to limit the spread of this outbreak or others like it.

Something that's puzzled me about events this weekend is that hardly anyone is mentioning firewalling. Servers generally need ports 135-139/445 to be accessible in order to act as, well, servers - but workstations don't. Why aren't people - even cash-starved organisations like the NHS - using the Windows firewall to protect at least their workstations on an ongoing basis? How did this infection spread between organisations without being stopped by a border firewall at any point? Was nothing learned from the Blaster days? (I don't have the answer.)

Although the malware was probably injected into multiple organisations in numerous countries via multiple phishing attacks, the spread as reported seemed too fast between organisations and countries for it to have been driven by phishing attacks alone, and I haven't seen any reports showing people how to spot the phishing attempts. So I'm guessing a lot of the propagation even between orgs was by MS17-010.

It would be interesting to find out if anyone saw unusual spikes in SMB traffic over the weekend? Or if there are insights into any of the semi-rhetorical questions I posed above?

Cheers,
Jon
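
The two questions raised in the message above (spikes in SMB traffic, and SMB crossing a border firewall) can be checked against flow records. The following is an added example, not part of the original post: it flags sources that contact many distinct peers on ports 135-139/445 within a short window, and lists SMB flows that cross the internal/external boundary. The 10.0.0.0/8 internal range, the threshold, the window, the flow line format and the sample records are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Ports named in the post: 135-139 and 445.
SMB_PORTS = set(range(135, 140)) | {445}
# Assumed values; adjust to the estate being monitored.
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]
FANOUT_THRESHOLD = 5      # distinct SMB peers per source per window
WINDOW_SECONDS = 60

# Constructed sample flows, one per line: "epoch_seconds src dst dst_port"
SAMPLE_FLOWS = """\
1494700000 10.1.1.20 10.1.1.21 445
1494700001 10.1.1.20 10.1.1.22 445
1494700002 10.1.1.20 10.1.1.23 445
1494700003 10.1.1.20 10.1.1.24 445
1494700004 10.1.1.20 10.1.1.25 445
1494700005 10.1.1.20 198.51.100.7 445
1494700006 10.1.1.30 10.1.2.5 445
1494700007 10.1.1.30 10.1.2.5 445
1494700008 10.1.1.31 10.1.2.5 443
1494700009 203.0.113.9 10.1.1.40 139
"""

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)

def analyse(text):
    """Return (fan-out sources, SMB flows crossing the network border)."""
    peers = defaultdict(set)   # (src, window index) -> distinct SMB destinations
    border = set()
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        if int(port) not in SMB_PORTS:
            continue           # not SMB/NetBIOS/RPC, ignore
        if is_internal(src) != is_internal(dst):
            border.add((src, dst, int(port)))
        peers[(src, int(ts) // WINDOW_SECONDS)].add(dst)
    fanout = sorted({src for (src, _), dsts in peers.items()
                     if len(dsts) >= FANOUT_THRESHOLD})
    return fanout, sorted(border)

if __name__ == "__main__":
    fanout, border = analyse(SAMPLE_FLOWS)
    print("SMB fan-out sources:", fanout)
    print("SMB across the border:", border)
```

A workstation talking repeatedly to one file server stays below the threshold, while a host sweeping its neighbours on 445 is reported; any entry in the border list is traffic a border firewall rule for these ports would have dropped.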