Microsoft has released MS17-010 and other patches to block worms like WannaCry. Here are the key details You need to get your Windows computer protected against WannaCry and its ilk. Here are detailed instructions on how to see if you need patching and, if you do, how to get patched. By far the easiest method is to simply run Windows Update and install all important patches. You may not be able to do that—or may not want to do that—for several important reasons: You may not want all of the latest patches, whether for compatibility reasons or because you don’t trust Microsoft’s additional snooping in Windows 7 and 8.1 Monthly Rollups If you’re using Windows XP or Windows 8, Windows Update doesn’t work If you’re running Windows 7 or 8.1 on a newer computer (Kaby Lake and Ryzen processors, as well as several others), Microsoft may have gratuitously blocked Windows Update You may have problems running Windows Update for myriad reasons, and you don’t want to futz around with figuring out the reason or resetting while the threat lingers Your approach to checking if you need the patches, and then installing them, will vary depending on your operating system. Windows XP, Windows 8 You don’t have the WannaCry patch, unless you downloaded and installed it already. Follow the links under “Further Resources” at the bottom of the Technet page to download and run the installer. Michael Horowitz on Computerworld has detailed instructions for XP. (Note: I had a question in an earlier post about installing this patch on pirate copies of Windows XP. I’ve seen a lot of pirate copies of WinXP, and I don’t trust any of them. If you install Microsoft’s patch on a pirate XP machine, you may well brick it. On the other hand, if you don’t install the patch, somebody else may come in and brick it for you. If I had to do it, I’d back up everything and roll the dice. But be ready to install Win7 from scratch if the XP pirate doesn’t come back up for air.) Vista To see if the patch is already installed, click Start > Control Panel > System and Security. Under Windows Update click the View installed updates link. Look for one marked “Security Update for Windows Vista (KB4012598).” If you don’t have it, download it from the Microsoft Update Catalog, and install it. Windows 7 If you can’t get Windows Update to work because Microsoft is punishing you for running Win7 on a newer computer, be of good cheer. The fact that you can’t run Windows Update means that you’ve already installed the fix. For everybody else, if you don’t want to install all of the current patches, you can see if the patch is already installed. Click Start > Control Panel > System and Security. Under Windows Update click the View installed updates link. Scan the list (which can be alphabetized by clicking the box marked Name, or sorted by date) to see if you have any of these patches: 2017-05 Security Monthly Quality Rollup for Windows 7 (KB4019264) April, 2017 Preview of Monthly Quality Rollup for Windows 7 (KB4015552) April, 2017 Security Monthly Quality Rollup for Windows 7 (KB4015549) March, 2017 Security Monthly Quality Rollup for Windows 7 (KB4012215) March, 2017 Security Only Quality Update for Windows 7 (KB4012212) If you have any of those patches already installed, then you are good to go and you can sleep well at night. There’s no reason to download or install anything, unless you have absolutely none of those patches. I’m not recommending that you install something–just look at the list and see if you have any of these patches. If you have none of the patches, download and install the March 2017 Security Only Quality Update for Windows 7 (KB4012212) for 32-bit or 64-bit. (Note that the list is quite deliberate and, I think, exact—except for two earlier Rollup Previews, which are unlikely to appear on your computer. In particular, if you’re manually installing security-only patches in the “Group B” style, you must have the March 2017 Security Only Quality Update for Windows 7 (KB4012212). Other security-only patches don’t include the MS17-010 fix.) Windows 8.1 Again, if Microsoft is blocking Windows Update because your computer is running on a Kaby Lake, Rizen, Carrizo DDR4, AMD RX-480, or any of a handful of similar newer processors, you’re fine. The fix has already been installed. Otherwise, to see if the patch is already installed, click Start > Control Panel > System and Security. Under Windows Update click the View installed updates link. Scan the list (which can be alphabetized by clicking the box marked Name, or sorted by date) to see if you have ANY of these patches: 2017-05 Security Monthly Quality Rollup for Windows 8.1 (KB4019215) April, 2017 Preview of Monthly Quality Rollup for Windows 8.1 (KB4015553) April, 2017 Security Monthly Quality Rollup for Windows 8.1 (KB4015550) March, 2017 Security Monthly Quality Rollup for Windows 8.1 (KB4012216) March, 2017 Security Only Quality Update for Windows 7 (KB4012213) If you have any of those patches, you’re fine. Again, I’m not suggesting that you install anything unless none of those patches are installed. If you have none of those patches, download and install the March 2017 Security Only Quality Update for Windows 8.1 (KB4012213) for 32-bit or 64-bit. See the note above about security-only patches. Again, I believe this list is complete and accurate. Windows 10 While it’s true that WannaCry doesn’t attack Win10 computers, that shouldn’t make you complacent. The faulty SMBv1 driver is alive and well on Win10 machines, and it could be used in the future to take over your PC. You need to make sure you’re patched. Creators Update (version 1703) is fine. Anniversary Update (version 1607) – Check your build number. If you have Build 14393.953 or later, you’re fine. If you don’t, use Windows Update to install the latest build 14393.1198. Yes, I know that violates the current MS-DEFCON 2 setting, but you need to get up to or beyond 14393.953. Fall Update (version 1511) – Use the steps above to check your build number. You have to be at build 10586.839 or later. Abandon the MS-DEFCON rating system if you must to get up to or beyond that build number. RTM (“version 1507”) – Follow the same procedure to make sure you’re up to or beyond build 10240.17319. And remember that your system’s toast soon. ====================================== Nice and easy, huh? Everybody needs to get their systems updated, at least to the point mentioned here. Yes, that includes your sainted Aunt Martha. Related content opinion On a personal note... Woody Leonhard looks back a bit, looks ahead to retirement — and shares good news about who's picking up the Windows patching torch. By Woody Leonhard Nov 09, 2020 3 mins Small and Medium Business Computers Windows news analysis Get Microsoft's October patches installed — and seriously consider Win10 2004 Odd ancillary patches have their problems, but the mainstream October patches look pretty reliable. The big question: Is Win10 version 2004 up to your stability standards. I’m skeptical -- especially because it has few worthwhile improvements. By Woody Leonhard Oct 30, 2020 6 mins Small and Medium Business Microsoft Computers news analysis Microsoft Patch Alert: October 2020 The big news with this month’s patches – aside from the usual smorgasbord of strange errors – has more to do with the patches that are outside the regular cumulative update stream. Remarkably, we didn’t get any security fixes By Woody Leonhard Oct 22, 2020 189 mins Small and Medium Business Microsoft Office Microsoft news analysis With Patch Tuesday here, be sure Windows Update is paused With all the flotsam floating around, it’s easy to lose sight of Second Tuesdays. October’s arrives tomorrow and, with it, another round of Windows and Office patches. Take a minute to make sure you aren’t in the front lines, as eve By Woody Leonhard Oct 12, 2020 5 mins Small and Medium Business Microsoft Windows Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe