We strongly recommend that all customers keep their Windows Server deployments up-to-date with the latest Security and Maintenance updates available through Windows Update.
The targeted patches listed below are suitable for both current and legacy generations of the Windows Server operating system (OS) and represent a bare minimum baseline for helping keep IT infrastructure secure. We encourage all customers to consider deploying the most up-to-date monthly cumulative Roll-up update –available on Windows Update or by selecting from the Windows Update Catalog and identifying their respective Windows Server Operating System.
|
Issue description - Microsoft Security Bulletin MS17-010 |
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx |
|
List of patches addressing the issue described in MS17-010 |
|
|
Stand-Alone patch Windows Server 2008 (x86, x64, and Itanium-based systems) |
http://www.catalog.update.microsoft.com/search.aspx?q=kb4012598 |
Please note: Although the Extended Support Phase for Windows Server 2003 ended in early 2015, due to the recent ransomware attack, Microsoft has issued a security patch to remedy the SMB 1.0 vulnerability. HPE highly recommends installing the patch on any legacy system running Windows Server 2003 immediately if you have not yet done so. For a more permanent solution, HPE offers a wide range of ProLiant server models along with HPE OEM Microsoft Windows Server 2016 Reseller Option Kit (ROK) licenses to help bring infrastructure up to the current security standards.
|
March ‘17 Security-Only Quality Update: Windows Server 2008 R2 |
https://www.catalog.update.microsoft.com/Search.aspx?q=KB4012212 |
|
March ‘17 Security-Only Quality Update: Windows Server 2012 |
http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012217 |
|
March 2017 Security Monthly Quality Rollup for Windows Server 2012 R2: |
http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012216 |
|
Delta and Rollup Patches March 2017 Delta (patches newly released in that specific month only) Rollup (include all previously released patches since General Availability) patches for Windows Server 2016: |
https://www.catalog.update.microsoft.com/Search.aspx?q=KB4013429 |
Please note: Any more recent cumulative *Rollup* patch for Windows Server 2016 includes the patch to mitigate the SMB 1.0 vulnerability described in MS17-010 – or any newer patch that might supersede the one issued by Microsoft in March 2017. If in doubt, HPE recommends to always install the most recent cumulative rollup patch for Windows Server 2016.
Microsoft also offers the Microsoft Malicious Software Removal Tool (MSRT) as a separate download to help remove the “WannaCry” malware from infected systems: https://support.microsoft.com/en-us/help/890830/remove-specific-prevalent-malware-with-windows-malicious-software-remo
Please note: If Windows Update (WU) “Automatic Updates” are enabled on a system, the MSRT tool is installed and updated automatically as part of the WU update process. The stand-alone download is primarily intended for deployments without WU enabled or no internet connectivity.
Willa
Willa manages the HPE | Microsoft Coffee Coaching program. Follow along to learn more about the latest HPE OEM Microsoft product releases and how the HPE Microsoft partnership can benefit partners and customers.
