Wanna Cry about Wanna Crypt

[Sammy2]

MS released this a few days ago but I just became aware of it due to it being implemented on our servers at work. I update MSE but not Win 7x64 SP1 itself. Should I install this patch or let it be? The way I see it, if MS wouldn't have been so crappy about forcing Win10 down our throats we wouldn't be in harm's way by shutting off Windows Updates.

https://blogs.technet.microsoft.com/msr ... t-attacks/

[Scallica]

The vulnerability was patched in March 2017. The issue here is that WannaCry is a worm, which means your HTPC can get infected if there is another infected computer on the same network. If all of your other systems are updated and you don't introduce any new systems, the risk is low. If you have guests visit and join your wifi network with their potentially infected laptop, you increase the risk. The best approach is to setup a guest wifi network on a separate subnet.

[jachin99]

You could theoretically install it, and if it breaks something, remove the update, or perform a system restore. MS was so scared of it, they released an update for XP that fixes it.

[Sammy2]

My guests are on a separate login over WiFi that does not allow access to the LAN but nobody brings over a laptop anyhow. 4 out of 5 Windows machines in my house are on Win7x64 SP1. My wife's laptop is on Win10, guess who owns the other 4 which have automatic updates turned off. Occasionally she fires up an old Mac for whatever reason that is beyond me.

[joecrow]

I think that anyone who fails to install updates is playing with fire! The WannaCry virus is a worm that will infect other PCs in a network but it is still not clear how the initial infection occurs. According to a news article IBM reported that none of the emails they have collected in spam traps, contained the virus, so it does not appear to be caused by the typical method of opening an email attachment. So beware just because your HTPC is a specific and maybe a single application it is still not immune from outside attack. Win 7 is still supported by MS you have paid for the updates why not use them. There is much more to fear from the criminals than a problem with a reversable update.

[Scallica]

@sammy2 - The WannaCry worm attacks a vulnerability in the SMBv1 protocol (file sharing). If you don't want to install the update, you can always disable SMBv1 and leave v2 and v3 enabled.

https://support.microsoft.com/en-us/hel ... erver-2012

https://en.wikipedia.org/wiki/Server_Message_Block

[jachin99]

If I'm not mistaken homegroup uses SMB but i'm not sure which version. If you want to get in depth about securing SMB, here are some links. SMB v3 isn't natively supported by Windows 7, and I'm not sure if there is a way to migrate homegroup to that version.

https://www.us-cert.gov/ncas/current-ac ... -Practices

https://www.stigviewer.com/stig/windows ... ng/V-63703

https://www.stigviewer.com/stig/windows ... ing/V-6833

[jachin99]

Here is another one about securing homegroup

http://windowsitpro.com/security/how-us ... -homegroup

[Sammy2]

I use file shares across my network for access with Emby. Hmm.. I don't really use Homegroup so much as shared folders and in some cases, entire drives.

As far as updates go, I agree for the most part but Microsoft actually broke useful things such as Concurrent RDP with their updates and then were quite rude with forcing Win10 down our throats when we didn't want of even need it. I blame them. A lot of corporations have updates filtered through their IT departments for the exact same reasons but they have the resources to keep on top of it.

Does anyone have a good list of KB's that bork WMC systems? I'd gladly install all but the ones that destroy things that work well for me know.

[cvguy]

Since Microsoft went to the roll-up update system, you can't uninstall individual updates like you could previously. It's now a take it all or none approach so you will probably break your Windows Media Center by utilizing the roll ups. I have two that previously broke Emby with Windows Media Center 7 , but that's old hat now. I have turned off Windows update totally now (disabled the service) and will take my chances to keep my system running the way I want.
This is the last version of Windows I will be running. I am done with Microsoft, and will look into something else after Windows 7 just dies.


Sent from my SM-T800 using Tapatalk

[jachin99]

I have rebuilt a few machines over the past month and half or two months, and they each downloaded around 200 updates when I connected them to the internet. The rollup updates are available but I don't think they are pushing them out to people like us. As far as I know you have to go to their site, and download the rollup to even get it. Otherwise, windows updates normally.

[cvguy]

I have rebuilt a few machines over the past month and half or two months, and they each downloaded around 200 updates when I connected them to the internet. The rollup updates are available but I don't think they are pushing them out to people like us. As far as I know you have to go to their site, and download the rollup to even get it. Otherwise, windows updates normally.

I believe Microsoft started this for Windows 7 in October 2016? I believe this is the update procedure that Microsoft also uses on Windows 10. One of the reasons I'm still on Windows 7. No more KB updates individually as per the past. All I see now in Windows update are Roll-Ups available once per month. They include all previous and prior updates along with the current ones. The idea is you only have to install the last roll up to be current no matter how many updates you need. That's great, but if there is something in the roll up causing a problem, you have to back out of the entire roll up package. I personally know of two KB updates that definitely break my system. I have those hidden so they will never install. But that was before they started these roll ups. No more individual KB that you can check prior to installation. I am sure these hidden updates will get installed if I go ahead and do install the latest roll up.
I also run a server with Windows Home Server 2011. (Another wonderful product that Microsoft killed). It backs up all my systems daily, so I am willing to chance some security by eliminating updates sinse I am able to restore any system at any time. I do do the updates on my server however. Just not going to do anymore on Windows 7 with media center.
As I said, I am pretty much done with Microsoft once Windows 7 dies.

Sent from my SM-N910T using Tapatalk

[jachin99]

Here is even more about wannacrypt
https://blog.radware.com/security/2017/05/wannacrypt/
Which KBs break your system and How? I haven't had any noticeable trouble from updates, and I'm fully patched. But then again, I'm a relatively new user. Maybe we can start a list of what updates break what, and how to patch the security holes they might leave open. I read up a little more about homegroup, and apparently it uses separate protocols for authentication and file transfer. SMB is used to transfer files via homegroup.

For wannacrypt, here is a workaround for us WMC/Homegroup users

"Users who cannot update should disable SMBv1 from allowing direct connections. To do this, open Windows features and uncheck the box “SMB 1.0/CIFS File Sharing Support.” -Daniel Smith, Radware expert/Blogger

[joecrow]

I have rebuilt a few machines over the past month and half or two months, and they each downloaded around 200 updates when I connected them to the internet. The rollup updates are available but I don't think they are pushing them out to people like us. As far as I know you have to go to their site, and download the rollup to even get it. Otherwise, windows updates normally.

I believe Microsoft started this for Windows 7 in October 2016? I believe this is the update procedure that Microsoft also uses on Windows 10. One of the reasons I'm still on Windows 7. No more KB updates individually as per the past. All I see now in Windows update are Roll-Ups available once per month. They include all previous and prior updates along with the current ones.
Sent from my SM-N910T using Tapatalk

Sorry but what you insinuate regarding Win 10 updates is not correct. All the versions of Win 10 I have used, download and install the individual KBs and consequently gives you the option to uninstall a specific KB. Although to date I have not yet found a method of selecting and only downloading/installing individual updates with Win 10 as used to be possible with Win 7 .
I will not speculate regarding the current delivery method for Win 7 updates since I am no longer a user and can't check but other posts here suggest what you have said in that respect is also not correct so I would strongly suggest you check your facts.

[cvguy]

I have rebuilt a few machines over the past month and half or two months, and they each downloaded around 200 updates when I connected them to the internet. The rollup updates are available but I don't think they are pushing them out to people like us. As far as I know you have to go to their site, and download the rollup to even get it. Otherwise, windows updates normally.

I believe Microsoft started this for Windows 7 in October 2016? I believe this is the update procedure that Microsoft also uses on Windows 10. One of the reasons I'm still on Windows 7. No more KB updates individually as per the past. All I see now in Windows update are Roll-Ups available once per month. They include all previous and prior updates along with the current ones.
Sent from my SM-N910T using Tapatalk

Sorry but what you insinuate regarding Win 10 updates is not correct. All the versions of Win 10 I have used, download and install the individual KBs and consequently gives you the option to uninstall a specific KB. Although to date I have not yet found a method of selecting and only downloading/installing individual updates with Win 10 as used to be possible with Win 7 .
I will not speculate regarding the current delivery method for Win 7 updates since I am no longer a user and can't check but other posts here suggest what you have said in that respect is also not correct so I would strongly suggest you check your facts.

Ok Buddy, You win.

https://www.ghacks.net/2016/10/10/say-g ... s-7-and-8/

http://www.zdnet.com/article/microsoft- ... ober-2016/

[jachin99]

I take it all back, I looked at my update history this morning, and found a few different updates labeled monthly rollup. It looks like you can download all of the individual updates that were released up until they started their rollups though so I'm guessing I saw so many updates come my way and assumed they issued them one at a time because I was seeing all of the older updates issued along with the monthly rollups. This is on my Windows 7 machine.

[joecrow]

Ok Buddy, You win.

https://www.ghacks.net/2016/10/10/say-g ... s-7-and-8/

http://www.zdnet.com/article/microsoft- ... ober-2016/

Not necessarily . Along with reading the articles in your links I also got a look at my wifes' Win 7 laptop that she bought home for the weekend and yes Monthly rollups. Which is real interesting because there are no signs of such things on my Win 10 PCs, cumulative updates for OS and Office for sure(more frequent than once or twice a month though) but also individual updates and, as indicated in the links, those for Flash Player etc.
So I fully accept that you were correct regarding the delivery of Win 7 updates . However despite the rollup delivery if you take a look at the "Uninstall Updates" menu it appears the multiple KBs in the rollup can still be uninstalled individually. So it would not be necessary (or perhaps practical, short of a using a restore point) to uninstall the complete rollup of updates to clear a problem one.

[Ken H]

I'm running one of my PC's with Windows 7 for use with WMC and nothing else. Zero, nada, zilch.

Based on recommendations here, I have Windows Update turned off and do not have any anti-virus or malware software on this machine. It is connected to the Internet for the guide updates and to have access to the HDHomeRun network tuner.

As long as all I do is run WMC, is this PC safe from the WannaCry ransomware and other similar threats?

[Moderator note: topic merged]

Thanks to the moderator for the merge.

[Ken H]

After reading the topic, it appears as long as I have no other PC's that are infected on my local network, that a dedicated WMC PC should be fine. I have two other Windows 7 PC's, including one that is used for common Internet tasks. Both are fully updated and have had no problem.

As it turns out, security firm Kaspersky Lab says roughly 98% of all PC's affected by WannaCry were running a version of Windows 7 that was not updated.
https://www.cnet.com/news/wannacry-rans ... worst-hit/

[jachin99]

A lot of the bad things that can happen to your computer that you hear about on the internet are because people/companies dont update their machines for whatever reason. Thats just as true for phones/tablets also.