Hi,
One of my colleagues emailed your technical support team about a month ago regarding your plan of action for mitigating the risk to networked consoles from worms that propagate using the SMBv1 vulnerabilities that have recently been made very widespread with the WannaCry attack.
We have an ETC Element running Windows XP Embedded, so our console is running one of the affected versions of Windows. As Microsoft has now made patches for all recent versions of their OS available, is there any guidance on how to get these patches onto our Element, as we did have a WiFi network for remote control setup that was regularly used by phones as well as (potentially untrusted as the space is shared with several show teams) Windows laptops running ETC Nomad in client mode.
Looking forward, are there any plans to migrate away from EOS' dependency on SMBv1 and to move to versions 2 or 3 which are far more secure?
Sources:
- https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
- https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
- https://blogs.technet.microsoft.com/mmpc/2017/06/16/analysis-of-the-shadow-brokers-release-and-mitigation-with-windows-10-virtualization-based-security/
- http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598
Thanks,
Rob