ETC Eos and SMBv1 vulnerabilities (RE WannaCry)

Hi,

One of my colleagues emailed your technical support team about a month ago regarding your plan of action for mitigating the risk to networked consoles from worms that propagate using the SMBv1 vulnerabilities that have recently been made very widespread with the WannaCry attack.

We have an ETC Element running Windows XP Embedded, so our console is running one of the affected versions of Windows. As Microsoft has now made patches for all recent versions of their OS available, is there any guidance on how to get these patches onto our Element, as we did have a WiFi network for remote control setup that was regularly used by phones as well as (potentially untrusted as the space is shared with several show teams) Windows laptops running ETC Nomad in client mode.

Looking forward, are there any plans to migrate away from EOS' dependency on SMBv1 and to move to versions 2 or 3 which are far more secure?

Sources:

Thanks,

Rob

Parents
  • Hi Rob,

    The configuration of the Embedded OS is carefully monitored to provide a consistent and stable operating platform. As such we want to make sure any patches provided by Microsoft don't negatively impact features or performance and are able to be deployed. ETC is investigating possible Windows Embedded OS updates that include a comprehensive fix for the vulnerability as developed and validated by Microsoft. Until this can be validated on the ETC platforms we encourage everyone to please contact Technical Services to discuss the Risk associated with your specific configuration and on options regarding actions required, if any.

    As your colleague has already contacted Technical Services, someone will be reaching back out to you directly to discuss this matter.

    Thanks,
    Matt
Reply
  • Hi Rob,

    The configuration of the Embedded OS is carefully monitored to provide a consistent and stable operating platform. As such we want to make sure any patches provided by Microsoft don't negatively impact features or performance and are able to be deployed. ETC is investigating possible Windows Embedded OS updates that include a comprehensive fix for the vulnerability as developed and validated by Microsoft. Until this can be validated on the ETC platforms we encourage everyone to please contact Technical Services to discuss the Risk associated with your specific configuration and on options regarding actions required, if any.

    As your colleague has already contacted Technical Services, someone will be reaching back out to you directly to discuss this matter.

    Thanks,
    Matt
Children
No Data
Related