With multiple exploits of older versions of Windows operating systems in the wild, I finally wrote up a quick primer to get folks up to speed at my day job and to help my superiors make the case that these threats must be taken seriously.
If you don’t know what I’m talking about, that means you ABSOLUTELY must read this too.
There’s really only one viable long-term solution: upgrade your operating system to either a more recent version of Windows or a version of *nix that is supported, patched, upgraded (I’ve talked about a real-life example before.) Unfortunately, many places (like my day job) have computer systems that are part of a vendor product, and therefore are not under the purview of our IT department.
Regardless: the short, and most important take-away is this: You cannot leave your computers unpatched and unupgraded. This is just as vital and important as the drive to install antivirus software was last decade.
I do suggest a couple of stop-gap solutions that might protect you… but only temporarily.
I hope the following outline/precis helps you make that case to the people who administer your computer systems as well.
Problem:
Multiple computers used to run systems are running outdated and unpatched versions of Windows
In the our department there are [NUMBER] boxes running Windows XP, and [NUMBER] boxes running Windows 2000.
These are provided by multiple vendors, including [LIST VENDORS HERE]
Multiple threats in the last few months have been exploiting unpatched Windows systems
WannaCry: Reuters. Ars Technica
Petya: Microsoft TechNet
These threats not only spread through user interaction, but spread via SMB on ports 139 and 445.
These ports are actively open and listening on at least some of the systems, verified using the following command at a shell prompt
netstat –ano | grep “LISTENING” | grep -e “:445” grep -e “:139”
Boxes like these that are not directly connected to the internet may be at risk because of how these worms spread through networks.
These vendor-supplied boxes are unlikely to be patched by the vendor without significant expenditures.
Patching software on boxes used in [INDUSTRY] may void any validity testing.
Windows XP and Windows 2000 are both beyond “End of Support”: Microsoft
There is a special patch for XP due to the worms in #2: Microsoft
Solutions
Reach out to vendors to provide security upgrades to the OS (not to the applications)
Determine if applying the security patch from Microsoft to the OS will void validity testing
If not, acquire and install patches manually.
Provide a router for camera systems that restricts access
Stop-gap Solutions
Determine if any processes on these systems require SMB; if not, uninstall it.
Utilize Windows Firewall to block TCP/UDP 139 and TCP/UDP 445
Utilize a restrictive HOSTS file; an example is here. If you don’t know how to install a HOSTS file, you definitely shouldn’t be trying this.
4. Have ports 445 and 139 blocked at the router level across the LAN.