Guidance for WannaCrypt/WannaCry Attacks

There has been quite a bit of media coverage about the WannaCrypt/WannaCry ransomware over the past several days. Microsoft has a new page with information about this particular issue and steps that can be taken to protect your systems. I have also collected some more detailed background information about this and about SQL Server security patching in general.

Just to be clear, there is no known threat to SQL Server from this method, but there was an out of band security update for SQL Server 2012, 2014, and 2016 that was released on November 8, 2016. Here are the most current cumulative updates for SQL Server 2012, 2014, and 2016 (which will include that security update).

SQL Server 2012              SQL Server 2012 SP3 CU9            11.0.6598.0                      May 15, 2017

SQL Server 2014              SQL Server 2014 SP2 CU5            12.0.5546.0                      April 17, 2017

SQL Server 2016              SQL Server 2016 SP1 CU3            13.0.4435.0                      May 15, 2017


WannaCrypt/WannaCry Information

Here are some links to useful resources about this outbreak. Making sure your servers and client machines are current with their Microsoft Update hotfixes and possibly disabling SMB v1 are the best defenses.

Alert (TA17-132A) Indicators Associated With WannaCry Ransomware

Microsoft Security Bulletin MS17-010 – Critical

MS17-010: Description of the security update for Windows SMB Server: March 14, 2017

Windows Update Catalog Download Links


SMB v1 Information

Another mitigation measure for this vulnerability is to disable Server Message Block (SMB) v1 (which has been deprecated since Windows Server 2012). Depending on what version of Windows Server you are running, you may be able to do this using various methods.

The Deprecation of SMB1 – You should be planning to get rid of this old SMB dialect

Stop using SMB1

How to enable and disable SMBv1, SMBv2, and SMBv3 in Windows and Windows Server


SQL Server Security Update Information

Microsoft now recommends proactively installing SQL Server Cumulative Updates as they become available. The most recent, specific security update (MS16-136) for SQL Server 2012, 2014, and 2016 was released on November 8, 2016. If you are up to date with your SQL Server Service Packs and Cumulative Updates, you will already have that SQL Server security update. Just to be clear, there is no indication that SQL Server is vulnerable to WannaCry. It is merely a best practice to stay current with SQL Server security and other updates.

Announcing updates to the SQL Server Incremental Servicing Model (ISM)

Where to find information about the latest SQL Server builds

MS16-136: Security update for SQL Server: November 8, 2016


Finally, there are a number of other good reasons to make an effort to keep your SQL Server instances up to date with the latest Service Pack and Cumulative Update. I highlight some of the more important hotfixes for every cumulative update in the blog posts linked below:

Performance and Stability Related Fixes in Post-SQL Server 2012 SP3 Builds

Performance and Stability Related Fixes in Post-SQL Server 2014 SP1 Builds

Performance and Stability Related Fixes in Post-SQL Server 2014 SP2 Builds

Performance and Stability Related Fixes in Post-SQL Server 2016 SP1 Builds

3 thoughts on “Guidance for WannaCrypt/WannaCry Attacks

  1. Glenn,

    Thank you so much to put the information and prevention about the WannaCry thread together!
    Especially, the SQL Incremental Servicing Model from Microsoft makes me feel eased to update the CUs on our SQL Servers.

    Thanks again!

Leave a Reply

Your email address will not be published. Required fields are marked *

Other articles

Imagine feeling confident enough to handle whatever your database throws at you.

With training and consulting from SQLskills, you’ll be able to solve big problems, elevate your team’s capacity, and take control of your data career.