There has been quite a bit of media coverage about the WannaCrypt/WannaCry ransomware over the past several days. Microsoft has a new page with information about this particular issue and steps that can be taken to protect your systems. I have also collected some more detailed background information about this and about SQL Server security patching in general.
Just to be clear, there is no known threat to SQL Server from this method, but there was an out-of-band security update for SQL Server 2012, 2014, and 2016 that was released on November 8, 2016. Here are the most current cumulative updates for SQL Server 2012, 2014, and 2016 (which will include that security update).
SQL Server 2012: SQL Server 2012 SP3 CU9, build 11.0.6598.0, May 15, 2017
SQL Server 2014: SQL Server 2014 SP2 CU5, build 12.0.5546.0, April 17, 2017
SQL Server 2016: SQL Server 2016 SP1 CU3, build 13.0.4435.0, May 15, 2017
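To check an instance against the builds listed above, the following T-SQL is an added example (not from the original post). It compares the build numerically rather than as a string, and the baseline table holds only the three builds given on this page, so it reflects what was current when the post was written.

```sql
-- Added example: compare this instance's build with the cumulative update
-- builds listed in the post. The baseline values are copied from that list.
DECLARE @v nvarchar(128) = CAST(SERVERPROPERTY('ProductVersion') AS nvarchar(128));

DECLARE @baseline TABLE (major int, minor int, build int, label nvarchar(40));
INSERT INTO @baseline (major, minor, build, label) VALUES
    (11, 0, 6598, N'SQL Server 2012 SP3 CU9'),
    (12, 0, 5546, N'SQL Server 2014 SP2 CU5'),
    (13, 0, 4435, N'SQL Server 2016 SP1 CU3');

-- ProductVersion looks like 13.0.4435.0. PARSENAME splits a dotted four-part
-- string and numbers the parts from right to left, so part 4 is the major version.
WITH cur AS (
    SELECT CAST(PARSENAME(@v, 4) AS int) AS major,
           CAST(PARSENAME(@v, 3) AS int) AS minor,
           CAST(PARSENAME(@v, 2) AS int) AS build
)
SELECT @v                                   AS product_version,
       SERVERPROPERTY('ProductLevel')       AS product_level,   -- RTM, SP1, SP2, ...
       SERVERPROPERTY('ProductUpdateLevel') AS update_level,    -- CUn; NULL where the property is not available
       b.label                              AS baseline,
       CASE
           WHEN b.major IS NULL    THEN 'Major version not in the baseline list'
           WHEN c.build >= b.build THEN 'At or above baseline'
           ELSE 'Below baseline: apply the current cumulative update'
       END                                  AS status
FROM cur AS c
LEFT JOIN @baseline AS b
       ON b.major = c.major
      AND b.minor = c.minor;
```

An instance that reports "Below baseline" may still be missing the November 8, 2016 security update; one at or above the listed build includes it.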
WannaCrypt/WannaCry Information
Here are some links to useful resources about this outbreak. Making sure your servers and client machines are current with their Microsoft Update hotfixes and possibly disabling SMB v1 are the best defenses.
Alert (TA17-132A) Indicators Associated With WannaCry Ransomware
Microsoft Security Bulletin MS17-010 – Critical
MS17-010: Description of the security update for Windows SMB Server: March 14, 2017
SMB v1 Information
Another mitigation measure for this vulnerability is to disable Server Message Block (SMB) v1 (which has been deprecated since Windows Server 2012). Depending on what version of Windows Server you are running, you may be able to do this using various methods.
The Deprecation of SMB1 – You should be planning to get rid of this old SMB dialect
How to enable and disable SMBv1, SMBv2, and SMBv3 in Windows and Windows Server
SQL Server Security Update Information
Microsoft now recommends proactively installing SQL Server Cumulative Updates as they become available. The most recent, specific security update (MS16-136) for SQL Server 2012, 2014, and 2016 was released on November 8, 2016. If you are up to date with your SQL Server Service Packs and Cumulative Updates, you will already have that SQL Server security update. Just to be clear, there is no indication that SQL Server is vulnerable to WannaCry. It is merely a best practice to stay current with SQL Server security and other updates.
Announcing updates to the SQL Server Incremental Servicing Model (ISM)
Where to find information about the latest SQL Server builds
Finally, there are a number of other good reasons to make an effort to keep your SQL Server instances up to date with the latest Service Pack and Cumulative Update. I highlight some of the more important hotfixes for every cumulative update in the blog posts linked below:
Performance and Stability Related Fixes in Post-SQL Server 2012 SP3 Builds
Performance and Stability Related Fixes in Post-SQL Server 2014 SP1 Builds
Performance and Stability Related Fixes in Post-SQL Server 2014 SP2 Builds
Performance and Stability Related Fixes in Post-SQL Server 2016 SP1 Builds
3 thoughts on “Guidance for WannaCrypt/WannaCry Attacks”
Glenn,
Thank you so much for putting the information and prevention about the WannaCry threat together!
Especially, the SQL Incremental Servicing Model from Microsoft makes me feel at ease updating the CUs on our SQL Servers.
Thanks again!
Glad to help!
Glenn,
Not sure if you had noticed, but this KB https://support.microsoft.com/en-us/help/3045321 shows up in some of the new CUs even though it is a reference to MS15-058 under Reporting Services.
Chris