Cisco warns: Some products might have WannaCrypt vuln
To other vendors using embedded Windows: where are your warnings and patches?
Here's why infosec needs to quit yelling “if you didn't patch it's your fault” about WannaCrypt: Cisco has announced it's investigating which of its products can't be patched against the ransomware.
The Register congratulates Cisco for going public, because it's certain that an innumerable number of third-party systems embed the bug, but there have been precious few announcements to date.
On Monday afternoon, the company said its Cisco Product Security Incident Response Team (PSIRT) has started its review.
The investigation will focus on identifying vulnerable products that don't support either manual or automated updates to fix the underlying MS17-010 bug – in other words, products that will need to go on customers' kill lists because they can't be fixed.
The Register has asked Cisco whether it knows how many and what kinds of systems are likely to fall into this category.
Promising updates as PSIRT discovers vulnerable system the advisory says: “Currently no additional guidance other than to apply the Microsoft patches or disable SMBv1 is applicable.”
The company's published Snort rules and a Cisco IPS (Intrusion Prevention System) signature pack to block WannaCrypt traffic.
To any other vendors who shipped Windows as the underlying OS for management or client software, or as the embedded operating system, we ask: where are your responses? ®