Azure users told they're not WannaCrypt-proof

Microsoft advises how to harden cloudy Windows, cos it runs a cloud not your OS

Microsoft Windows users already know what to do to defeat WannaCrypt (unless they've been asleep for a week). Now the company's published its advice for its Azure customers.

Since there aren't any surprises in Microsoft's note for Azure users, Vulture South suspects this is a prod for people who are slow to respond or complacent about security.

WannaCrypt is the ransomware/worm built using NSA exploits leaked by Shadow Brokers. It exploits a bug in the ancient and should-have-been-retired SMB1 protocol as one of its most important vectors.

That bug (CVE-2017-0145) was plugged by Microsoft in its service pack – all the way back to Windows XP, so serious was it – but there's a bit of work for Azure users to secure their cloudy computers.

Microsoft writes that customers should review any services that expose SMB endpoints to the Internet (or perhaps just hit yourself with the clue-stick because that exposure should be avoided). The appropriate IP ports (TCP 139, TCP 445, UDP 137 and UDP 138) should be blocked at the firewall unless absolutely essential.

Follow these instructions if you haven't already disabled SMB1, and watch your environment with Azure Security Center.

Windows Update should have taken care of users running Azure Cloud Services or IaaS, and all guest operating system versions released since March 14 include MS17-010.

Finally, use Network Security Groups to restrict network access; run malware protection; and apply multi-factor authentication to all backups. ®
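The port-blocking and Network Security Group advice above can be checked mechanically. The following is an added example, not code from Microsoft or from this article: it walks NSG rules in priority order and reports any SMB/NetBIOS port whose first matching inbound rule from an Internet-wide source is an Allow. It assumes input shaped like `az network nsg list -o json`, treats only `*`, `Internet` and `0.0.0.0/0` as Internet-wide sources, and ignores destination addresses; the sample NSGs are constructed.

```python
# Ports the article says to block: TCP 139, TCP 445, UDP 137, UDP 138.
SMB_PORTS = [("Tcp", 139), ("Tcp", 445), ("Udp", 137), ("Udp", 138)]
# Assumption: only these source values count as "exposed to the Internet".
ANY_SOURCE = {"*", "internet", "0.0.0.0/0"}

def _values(rule, single, plural):
    """NSG rules carry either a single value or a list; merge both."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def _covers_port(rule, port):
    for rng in _values(rule, "destinationPortRange", "destinationPortRanges"):
        lo, _, hi = ("0-65535" if rng == "*" else rng).partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def _matches(rule, proto, port):
    sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
    return (rule.get("direction", "").lower() == "inbound"
            and any(s.lower() in ANY_SOURCE for s in sources)
            and rule.get("protocol", "").lower() in ("*", proto.lower())
            and _covers_port(rule, port))

def exposed_smb_rules(nsgs):
    """Return (nsg, rule, proto, port) where the deciding rule is an Allow."""
    findings = []
    for nsg in nsgs:
        # Lowest priority number is evaluated first and decides the outcome.
        rules = sorted(nsg.get("securityRules", []), key=lambda r: r["priority"])
        for proto, port in SMB_PORTS:
            first = next((r for r in rules if _matches(r, proto, port)), None)
            if first and first.get("access", "").lower() == "allow":
                findings.append((nsg["name"], first["name"], proto, port))
    return findings

# Constructed sample: one NSG leaks TCP 445, the other only allows SMB inside the VNet.
SAMPLE = [
    {"name": "web-nsg", "securityRules": [
        {"name": "allow-files", "priority": 300, "direction": "Inbound", "access": "Allow",
         "protocol": "Tcp", "sourceAddressPrefix": "Internet", "destinationPortRanges": ["443", "445"]},
        {"name": "deny-netbios", "priority": 100, "direction": "Inbound", "access": "Deny",
         "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRange": "137-139"}]},
    {"name": "db-nsg", "securityRules": [
        {"name": "allow-smb-vnet", "priority": 100, "direction": "Inbound", "access": "Allow",
         "protocol": "Tcp", "sourceAddressPrefix": "VirtualNetwork", "destinationPortRange": "445"}]},
]

if __name__ == "__main__":
    print(exposed_smb_rules(SAMPLE))
```

An empty result means no Internet-wide Allow decides traffic to those four ports; rules scoped to narrower source ranges still need a manual look.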

