IMPORTANT ANNOUNCEMENT: This website was decommissioned on July 18, 2022

Posted on July 18, 2022

This site is no longer being updated with new postings. Please visit the UBC IT Status Page at https://status.it.ubc.ca for any new status updates and incident notifications. For operational status of our enterprise-level services, users can now subscribe in multiple ways that now includes push notifications:

  • Email
  • SMS
  • Slack integration
  • Twitter
  • Webhooks
  • RSS feed
  • Custom Embed via Status API

You will be redirected shortly to the Status Page or follow the link below to go there now.

Visit the UBC IT Status Page

 

IMPORTANT ANNOUNCEMENT: This website will be decommissioned on July 18, 2022

Posted on June 20, 2022

The UBC IT Bulletins site will no longer be updated on July 18, 2022 and users will need to visit its replacement, the UBC IT Status Page at https://status.it.ubc.ca, where they can view or subscribe to status updates and incident notifications.

UBC IT Bulletins was kept as a legacy site in order to temporarily maintain RSS feeds and intended to provide users time to switch their subscriptions to the Status Page channels.

Before the decommission date of July 18, 2022, we recommend visitors go to https://status.it.ubc.ca to begin subscribing to the new notifications the Status Page has to offer. For our enterprise-level services, users can now subscribe in multiple ways that now include customizable push notifications:

  • SMS messaging
  • Email notifications
  • Webhooks
  • Twitter feed
  • A general RSS feed
  • Custom Slack notifications
  • Custom embed code via an API

Visit the UBC IT Status Page

UPDATE: GLOBAL RANSOMWARE ALERT – WannaCry Ransomware

By Operations Centre on May 12, 2017

Update May 24, 2017:There are now reports of new variants using the same vulnerability exploited by the WannaCry attack. These variants (EternalRocks, Adylkuzz, UIWIX) are being spread directly from infected systems to exposed vulnerable systems.
Installing the MS17-010 patch for Windows is the only way to eliminate the vulnerabilities being actively exploited.If a system cannot be patched, then the next best alternative is to block or remove SMB services. It is no longer sufficient to simply disable only specific versions of SMB on Windows systems, as this has proven to be ineffective.

If a system cannot be patched, and SMB services cannot be blocked or removed, please contact us at security@ubc.ca for a risk assessment and threat mitigation recommendation.

A number of large organizations, such as Britain’s National Health Service—have been affected by a massive, global ransomware attack called WannaCry. This ransomware is spread by an unpatched vulnerability, identified by Microsoft as MS17-010, and demands a ransom of $300.

Emails with this ransomware may have subject lines such as:

  • Copy_[with Random Numbers],
  • Document_[with Random Numbers], Scan_[with Random Numbers],
  • File_[with Random Numbers]
  • PDF_[with Random Numbers]

This is not an exhaustive list. Please be extra cautious and do not open any emails that seem suspicious or unfamiliar no matter what the subject line is.

 

Severity

Critical

 

CVE

  • CVE-2017-0007
  • CVE-2017-0016
  • CVE-2017-0039
  • CVE-2017-0057
  • CVE-2017-0100
  • CVE-2017-0104
  • CVE-2017-0143
  • CVE-2017-0144
  • CVE-2017-0145
  • CVE-2017-0146
  • CVE-2017-0147
  • CVE-2017-0148

Impacted platforms

  • All versions of Windows 2000 and prior are vulnerable and no patch is available
  • Windows XP with Service Pack 3 x86   KB4012598
  • Windows XP with Service Pack 2 x64   KB4012598
  • Windows XP Embedded with Service Pack 3 x86   KB4012598
  • Windows Vista with Service Pack 2 x86   KB4012598
  • Windows Vista with Service Pack 2 x64   KB4012598
  • Windows 7 with Service Pack 1 x86   KB4012212 or KB4012215
  • Windows 7 with Service Pack 1 x64   KB4012212 or KB4012215
  • Windows 8 x86 KB4012598
  • Windows 8 x64 KB4012598
  • Windows 8.1 x86 KB4012213 or KB4012216
  • Windows 8.1 x64 KB4012213 or KB4012216
  • Windows 10 x86  KB4012606
  • Windows 10 x64  KB4012606
  • Windows 10 version 1511 x86 KB4013198
  • Windows 10 version 1511 x64 KB4013198
  • Windows 10 version 1607 x86 KB4013429
  • Windows 10 version 1607 x64 KB4013429
  • Windows Server 2003 with Service Pack 2 x86 KB4012598
  • Windows Server 2003 with Service Pack 2 x64 KB401258
  • Windows Server 2008 with Service Pack 2 x86 KB4012598
  • Windows Server 2008 with Service Pack 2 x64 KB401258
  • Windows Server 2008 R2 with Service Pack 1  KB4012212 or KB4012215
  • Windows Server 2012 KB4012214 or KB4012217
  • Windows Server 2012 R2  KB4012213 or KB4012216
  • Windows Server 2016 KB4013429

Recommended actions

Please ensure your servers have the latest patches:

If patches are not available for a system and it cannot be protected via alternative controls, such as anti-malware, then it is recommended that SMB ports be blocked for the system until such time as it can be patched or additional controls applied to protect against infection.

 

Patching Guidance

  1. Desktops and Laptops must be patched and running current anti-malware that provides protection
  2. Servers that are vendor supported, and not end of life, must be patched
  3. Servers that cannot be patched must block SMB via host-based or network firewalls
  4. All servers must have up to date anti-malware protection

If in any doubt at all, please don’t hesitate to contact the UBC IT Service Desk at http://www.it.ubc.ca/helpdesk

More Information

https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

https://technet.microsoft.com/en-us/library/security/ms17-012.aspx

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

https://isc.sans.edu/forums/diary/Massive+wave+of+ransomware+ongoing/22412/

https://www.bleepingcomputer.com/news/security/wana-decrypt0r-ransomware-using-nsa-exploit-leaked-by-shadow-brokers-is-on-a-rampage/

https://blog.malwarebytes.com/cybercrime/2017/05/wanacrypt0r-ransomware-hits-it-big-just-before-the-weekend/

Posted in ,

Visit the UBC IT Website

Archives

RSS Feeds