Addsum web site and general info

Postings here will focus mainly on Advanced Accounting software updates, tips, and related topics. They will also include general comments relating to troubleshooting PC/Windows/network problems and may also include reference to our other software products and projects including any of our various utilities, or to the TAS Premier programming language. We considered setting up separate blogs for different topics so that users/others could subscribe to topics mostly aligned with their interests, but decided that it would be better to keep things simple since some topics cross over into others. We would nonetheless welcome your feedback/input in this regard. Our web site URL is www.addsuminc.com. Call us at 800-648-6258 or 801-277-9240. We also maintain www.advancedaccounting.us so that older Business Tools users in particular have a greater chance to find us.

Follow

We highly recommend that accounting software users "follow" this blog via e-mail (enter your address and click on Submit below) or subscribe to a feed (see also below) as a way to keep current on the latest updates and accounting software news and information. You may also want to whitelist this e-mail address: noreply@blogger.com.

Follow by e-mail

Wednesday, May 17, 2017

Microsoft catalog link for WannaCry

The direct Microsoft catalog update link for installing the WannaCry (aka "WannaCrypt") security update or patch (i.e. KB4012598, vulnerability MS17-010) can be found here:

http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598

You might wonder why Windows 7 is not referenced in the KB4012598 update.  This is because the updates for Windows 7 came out in March under a different KB reference (KB4012212 and others) to address the MS17-010 vulnerability.  See this link for the list:

https://blogs.technet.microsoft.com/sudheesn/2017/05/17/patches-that-fix-the-vulnerability-for-ms17-010/

See also:

http://www.infoworld.com/article/3196825/microsoft-windows/how-to-make-sure-your-windows-pc-wont-get-hit-by-ransomware-like-wannacrypt.html


U.S. users have thus far not been impacted to the same degree as elsewhere but more "WannaCry" variants are expected.

 While these updates first became available in March for most operating systems, updates for non-supported Windows XP (both 32 and 64 bit versions) only became available on May 13, 2017 (and was rather surprising since MS has not been issuing free updates for XP for some time now).  

 Users still running XP should immediately install the appropriate update from the catalog link.  Installing the update takes only a few minutes.  It does require a reboot    Even if your PC typically does not have direct Internet access, it is advisable to install this update since it would help to stop the spread of this latest  ransomware virus from spreading from one PC (that might have Internet access) to others (that might not) on the same network.  The security patch can be downloaded to a shared folder on your network or to a thumb or external drive, and then run on other PC's on your network or in your office without their having any web access.

While we are not a fan of automatic updates, some updates are from time to time important to install regardless of how careful users are with inbound e-mail, anti-virus protection, and in the web sites they visit.

There is some amount of misinformation about this virus and how it spreads.  Your greatest vulnerability is once again by opening e-mail attachments from unsavory sources, often disguised to look like it is from someone you know and/or that purports to contain an attached invoice or purchase order, etc.   End user education remains critical.

It is indeed unfortunate that there are individuals that would choose to spend their time and resources spreading malware rather than on pursuits that would benefit society and/or the health of the planet.  It is also highly unfortunate how the NSA handled this situation in terms of both safeguarding its information, in developing unsavory methods of hacking into computer systems in the first place, and not promptly acting to notify Microsoft and others of the threat so that these security updates could have been made available sooner.

Note:  If infected, do not pay the ransom.  Even if you pay it, you may still not receive an unencrypt key, more so this time around than ever.  Immediately consult your IT support if you receive any pop-up messages or if you start to see file extensions of .WCRY.



Additional information:


https://support.microsoft.com/en-us/help/4012598/title

http://www.npr.org/sections/thetwo-way/2017/05/15/528451534/wannacry-ransomware-what-we-know-monday

http://www.nbcnews.com/news/world/why-wannacry-malware-caused-chaos-national-health-service-u-k-n760126

https://www.wired.com/2017/05/wannacry-ransomware-hackers-made-real-amateur-mistakes/

https://www.ft.com/content/e2786cbe-3a97-11e7-821a-6027b8a20f23






No comments:

Post a Comment