Don’t WannaCry? Apply the MS17-010 Patch For Windows XP and Newer Now

[vc_row][vc_column][vc_column_text]By Paul Hirsch, Senior Technology Strategist

Wana Decrypt0r – Not a welcome sight

On Friday (May 12th) the news was abuzz with reports of damage from the “WannaCry” ransomware worm.  By combining a  worm, (which spreads through a network automatically), with a ransomware payload, (where your data is encrypted and held hostage), it quickly caused a lot of damage.

WannaCry uses a vulnerability discovered by the NSA and code named “EternalBlue”.  It was recently revealed by an intelligence leak, after which Microsoft released a patch in mid-March 2017 named MS17-010.

If all your systems are patched and running a supported version of Windows (Vista, 7, 8.1, 10, Server 2008, Server 2008R2, Server 2012, Server 2012R2, or Server 2016), you can stop reading now.  You should already have protection against WannaCry.

If you are still running Windows XP, Server 2003, or Windows 8 (not 8.1) you are in luck: Microsoft took mercy on you and has released special patches for those unsupported Windows versions, too.  (Listed below.)

Remember, this is a special case!  If you are still using XP or 2003 you are still at risk from other unpatched vulnerabilities.  PLEASE replace all XP and Server 2003 systems as soon as possible.

Fetch the appropriate patch from the following Microsoft Update links:


Buzzword Translator: Internet of Things (IoT)

[vc_row][vc_column][vc_column_text]By Paul Hirsch, Senior Technology Strategist

Did you know that there are already more networked devices than people? Did you know that it is projected that by 2020 there will be eight times more networked devices than people? IoT is a HUGE market! Wait, soooooo…. what IS IoT? As with cloud, IoT represents a lot of really useful technologies grouped with a comically vague buzzword. Examples of devices in the IoT category include:

  • Your Internet connected printer
  • Your Internet connected game console or video streaming device
  • Your Internet connected thermostat
  • Your Internet connected security camera
  • Your Internet connected baby monitor
  • Your Internet connected car
  • Your Internet connected Internet connection device
  • Your Internet connected house robot “Jerry”
  • All Internet connected devices produced by Cyberdyne systems, which will gain consciousness on August 29th, 1997 at 2:14 a.m. ET (*They are running a bit behind schedule, but you will know when it happens cause Jerry will be a real jerk)

Can you spot the subtle common thread? Yes: “Internet” (“Cloud” is implied as well, since many of these connect to a cloud service.) With great connectivity comes great responsibility, but many IoT products have fallen into the same traps that servers, PCs, and smart phones have before them. Some of the problems are built in by the manufacturers, but others are caused by customers.  Recognize any of these classics?

  • “I depend on THING for my very existence, so I bought the cheapest WiFi access point I could find, used an Ethernet hub I fished out of a dumpster, and connected everything with Cat1D.” (D is for duct tape)
  • “The security of THING is critical, so I didn’t change the default password. Also, what is a ‘Firewall’?”
  • “I care about being a good Internet citizen, so I have never and will never update the software on THING.”
  • “THING makes me complete and has lights and stuff. I will sell my arm for a new THING. I will not spend a dime on a UPS to keep THING from being fried by lightning.”

Sounds like the same list when dealing with computers, right? That is because IoT devices are just computers. They usually run a Linux derivative or one of a handful of real time commercial operating systems. On that base they add some custom software, sometimes written with little thought given to safe programming practice or basic information security. Then they spit out thousands of them to sit on unprotected networks, never get updated, and generally be neglected. In some cases they are politely asked (using default usernames and passwords) to join a botnet, later being used to help carry out massive DDoS (Distributed Denial of Service) attacks like the multiple record setting DDoS attacks carried out by Mirai botnet controlled cameras in the last months.

The truth is that IoT in a business setting needs all the same things anything connected to the Internet needs: A well designed, secure, reliable, monitored, and managed network built to meet current and future needs. Firewalls, switches, wireless, cabling and infrastructure, power and cooling, physical security, network design, cloud services, and managed services must be considered for every IoT deployment.

IoT devices are computers and must be taken just as seriously. Let that thought be your guide with whatever types of T you want to connect to the I.[/vc_column_text][/vc_column][/vc_row]

Name Calling Could Put Your Windows Server Under A Hacker’s Christmas Tree

By Paul Hirsch, Senior Network Engineer

To: Mr. Robot From: Your Company

To: Mr. Robot
From: Your Company

Nestled in between a list of the usual Internet Explorer and Microsoft Office vulnerabilities issued last week, Microsoft announced a nasty vulnerability in Windows DNS servers.  The “Domain Name System” is what translates friendly names like “” into the IP addresses computers use to talk to each other.   This bug may allow for an attacker to ask for a specially (spitefully) crafted name and gain access to Windows servers running the DNS service.  This includes the most important Windows server in just about any network: The Domain Controller.

The patch for “MS15-127” should be applied as soon as possible to all Windows DNS and Domain Controller servers.  If hackers are able to develop a strong exploit for this vulnerability it is likely to become very widespread.  See for more technical information.

Citon Managed Service and AEGIS+Patching customers are being patched automatically. Click here to learn more about how we can keep your systems up to date and secure.


An Ode To Windows Server 2003

By Paul Hirsch, Senior Network Engineer

Oh Windows Server 2003, I remember when you were young and vibrant.  So stable, so quick(-ish), and so much more refined than Windows 2000.  You bridged the gap between the era of the workgroup and the era of the Internet.  When you were born there was no Facebook, no You Tube, and no Grumpy Cat.  Yet you saw us through the coming of all these and more, running happily on 1GB of RAM and with only 20GB of disk space.  As time passed, many an administrator clung to you tightly instead of moving on to Windows 2008, 2008R2, 2012….  And why not?  You had just the right balance of features and simplicity.

Alas dear Windows Server 2003, now we must part ways.  As of now the great mother-ship Microsoft has cast you off, never to receive another Patch Tuesday communique.  All things must pass, and we must pass security audits, so fare thee well 2003!  As I shut down my last Windows 2003 server, with the sweet sound of “It’s So Hard To Say Goodbye To Yesterday” playing (no, not on Napster), I will enter the following epitaph:


(If this is news to you, get informed!  See Microsoft Server 2003 End Of Support Risks and Reasons to Upgrade )

Stopping Destructive Ransomware With An Aardvark

By Paul Hirsch, Senior Network Engineer

For the past few years, cyber criminals have been using more and more “ransomware” to extract money from victims directly. In 2013, with the advent of CryptoLocker, things got much worse. Instead of rendering single machines useless, CryptoLocker and similar malware puts the infected machine to work locking up customer files and data or replacing files with infected impostors. These infections usually result in costly downtime and require going to backups to restore files. (You have good backups, right?)

A solid application aware Internet firewall, good antivirus/anti-malware software, a good spam filter, and a healthy dose of mistrust for links and files you are not expecting will usually stave off malware. But what if something sneaks through? That is where Citon’s latest creation, the CryptoLocker Aardvark, comes in.

CryptoLocker Aardvark runs on your company file servers and monitors dummy Word, Excel, PDF, and other files collectively known as “The Aardvarks In The Coalmine”. (“Aardvark” since most malware still scans alphabeticaly, so it will hit a dummy file named “aardvark.doc” before moving on to real data.) If any aspect of the “Aardvarks In The Coalmine” change, (file size, change time, content, etc), the CrytpLocker Aardvark service immediately shuts down all file sharing on the server and sends email alerts to administrators notifying them of the untimely demise of a virtual aardvark.

By shutting down file sharing quickly, damage to files is kept to a minimum. The email alert ensures that administrators can take quick action to get infected machines off the network then safely re-enable file sharing on your servers. Instead of the usual hours or days to detect, the problem is contained on the network in 30 seconds or less and resolved efficiently with minimal impact to users or loss of data.

Would you like to add Citon CryptoLocker Aardvark to your network’s autoimmune system? Contact Citon to find out how!