Connect

Scala Security Bulletin Regarding “WannaCrypt” Malware

Revision 1.0, 17-May-2017

This is an important Security Bulletin made available to TechMedia from Scala regarding the “WannaCrypt” (and related) malware attack. Internet security experts generally consider the WannaCrypt malware that exploits the EternalBlue weakness to be serious and worth urgent attention.

Overview

At TechMedia, we take our partners’ and our customers’ security seriously. We’d like to share with you the status of our Scala products and services, and what steps we recommend you take.

As you may know, this week the Internet is experiencing a significant ransomware cyber-attack variously called WannaCrypt, WannaCry, WannaCrypt0r, or Wanna Decryptor.  This attack propagates using an exploit against Microsoft Windows nicknamed EternalBlue. (The name DoublePulsar is also associated with this outbreak; it is a backdoor/exploit tool upon which WannaCrypt et al are built.)

EternalBlue is a family of exploits described by CVE‑2017‑0143, CVE‑2017‑0144, CVE‑2017‑0145, CVE‑2017‑0146, and CVE‑2017‑0148. This exploit uses the SMB feature, which is how Windows accomplishes network file-sharing, printer sharing, etc. This vulnerability affects essentially all versions of Windows and is, therefore, relevant for systems that run on the Windows operating system, such as Scala Enterprise Designer, Scala Enterprise Content Manager, and the Windows Embedded versions of Scala Enterprise Player.

Microsoft has released a critical fix for affected supported versions of Windows, as described in Microsoft Security Bulletin MS17‑010. (Exceptionally, Microsoft has made available a fix for the otherwise out-of-support Windows XP and Windows Server 2003.)

Scala’s IT security teams have already applied the relevant fixes to the Windows operating system of any cloud-based or Scala-hosted Content Manager systems. Our customers or the IT Teams engaged to handle their maintenance, should take appropriate action to patch the Windows operating system for any Designer system, PC Player system, and any on-premise Content Manager. We offer the following guidance to assist in that process.

Scala Player / Designer / Content Manager Systems that are Unaffected

If any of the following is true, those Scala systems are unaffected (cannot be remotely attacked by this malware):

  • Scala system has already been patched with the March 2017 Windows patch from Microsoft
  • Scala system is behind a firewall that blocks SMB traffic (port 445) (if other machines behind the same firewall are not infected)
  • Scala system’s “network type” is set to Public, which also blocks SMB traffic
  • Scala system where the Network Sharing services are stopped and disabled
  • Scala Player is not a Windows Embedded OS (e.g. Android Player)

Verifying that Windows is Patched

From information gathered from various online sources, we can summarize as follows:

Windows 10

From a command prompt or the Cortana search box, type winver

  • If you have the “Creators Update” version 1703, you are OK
  • If you have the “Anniversary Update” version 1607, ensure you have Build 14393.953 or later
  • If you have the “Fall Update” version 1511, ensure you have Build 10586.839 or later
  • If you have the original release version 1507, ensure you have Build 10240.17319

Windows 7 / Windows Server 2008 R2

Look to see if you have any of the following security updates (you only need one):

  • KB4019264: 2017-05 Security Monthly Quality Rollup for Windows 7
  • KB4015552: April, 2017 Preview of Monthly Quality Rollup for Windows 7
  • KB4015549: April, 2017 Security Monthly Quality Rollup for Windows 7
  • KB4012215: March, 2017 Security Monthly Quality Rollup for Windows 7
  • KB4012212: March, 2017 Security Only Quality Update for Windows 7

Use of Windows Update

In general, Windows Update delivers to Players critical updates that are of value in maintaining overall network security. However, in rare cases a Windows Update has been known to introduce undesirable side-effects that can potentially destabilize or disable a Player. While Microsoft generally repairs any such updates rapidly, it is not always going to be the case that an unattended PC will recover on its own.

The best practice is to manage updates by configuring Windows Server Update Services (WSUS). A WSUS server lets you control the timing and selection of which updates are delivered to players, letting you prove critical updates first on a test-Player in the lab, before allowing the live Players to update. (Your business’s policy on Windows Update may require it to be enabled.)

Use of Anti-Virus Software

While anti-virus software can protect against certain attacks, the anti-virus engines themselves can negatively affect Player performance and Player stability, and themselves can be the entry-point for an attack. In general computing, most threats arise from users visiting malicious web sites or opening malicious documents, neither of which is normally a concern on a tightly managed digital signage network.

The best practice is to use anti-virus software on systems where content and files can be introduced into the network. (Your business’s policy may require anti-virus to be installed.)

Staying informed and assistance from TechMedia

Please contact our support team if you need help with best the practice approach to Scala Player patching and we can provide a step-by-step guide to protecting your systems against this threat. Also, keep an eye on our twitter feed or at Scala for all the latest updates and security news from Scala. If the situation warrants, Scala will update this bulletin.

Social Feeds