You need to get your Windows computer protected against . Here are detailed instructions on how to see if you need patching and, if you do, how to get patched.
By far the easiest method is to simply run Windows Update and install all important patches. You may not be able to do that—or may not want to do that—for several important reasons:
- You may not want all of the latest patches, whether for compatibility reasons or because you don’t trust Microsoft’s additional snooping in Windows 7 and 8.1 Monthly Rollups
- If you’re using Windows XP or Windows 8, Windows Update doesn’t work
- If you’re running Windows 7 or 8.1 on a newer computer (Kaby Lake and Ryzen processors, as well as several others), Microsoft may have
- You may have problems running Windows Update for myriad reasons, and you don’t want to futz around with figuring out the reason or resetting while the threat lingers
Your approach to checking if you need the patches, and then installing them, will vary depending on your operating system.
Windows XP, Windows 8
You don’t have the WannaCry patch, unless you downloaded and installed it already. Follow the links under “Further Resources” at the to download and run the installer. has detailed instructions for XP.
, and install it.
If you can’t get Windows Update to work because Microsoft is , be of good cheer. The fact that you can’t run Windows Update means that you’ve already installed the fix.
For everybody else, if you don’t want to install all of the current patches, you can see if the patch is already installed. Click Start > Control Panel > System and Security. Under Windows Update click the View installed updates link. Scan the list (which can be alphabetized by clicking the box marked Name, or sorted by date) to see if you have any of these patches:
the March 2017 Security Only Quality Update for Windows 7 (KB4012212) for or .
(Note that the list is quite deliberate and, I think, exact—except for two earlier Rollup Previews, which are unlikely to appear on your computer. In particular, if you’re manually installing security-only patches in the “Group B” style, you must have the March 2017 Security Only Quality Update for Windows 7 (KB4012212). Other security-only patches don’t include the MS17-010 fix.)
Again, if Microsoft is blocking Windows Update because your computer is running on a Kaby Lake, Rizen, Carrizo DDR4, AMD RX-480, or any of a handful of similar newer processors, you’re fine. The fix has already been installed.
Otherwise, to see if the patch is already installed, click Start > Control Panel > System and Security. Under Windows Update click the View installed updates link. Scan the list (which can be alphabetized by clicking the box marked Name, or sorted by date) to see if you have ANY of these patches:
- 2017-05 Security Monthly Quality Rollup for Windows 8.1 (KB4019215)
- April, 2017 Preview of Monthly Quality Rollup for Windows 8.1 (KB4015553)
- April, 2017 Security Monthly Quality Rollup for Windows 8.1 (KB4015550)
- March, 2017 Security Monthly Quality Rollup for Windows 8.1 (KB4012216)
- March, 2017 Security Only Quality Update for Windows 7 (KB4012213)
If you have any of those patches, you’re fine. Again, I’m not suggesting that you install anything unless none of those patches are installed. If you have none of those patches, the March 2017 Security Only Quality Update for Windows 8.1 (KB4012213) for or .
See the note above about security-only patches. Again, I believe this list is complete and accurate.
While it’s true that WannaCry doesn’t attack Win10 computers, that shouldn’t make you complacent. The faulty SMBv1 driver is alive and well on Win10 machines, and it could be used in the future to take over your PC. You need to make sure you’re patched.
Creators Update (version 1703) is fine.
Anniversary Update (version 1607) – . If you have Build 14393.953 or later, you’re fine. If you don’t, use Windows Update to 14393.1198. Yes, I know that violates the current MS-DEFCON 2 setting, but you need to get up to or beyond 14393.953.
Fall Update (version 1511) – Use the steps above to check your build number. You have to be at build 10586.839 or later. Abandon the MS-DEFCON rating system if you must to get up to or beyond that build number.
RTM (“version 1507”) – Follow the same procedure to make sure you’re up to or beyond build 10240.17319. And remember that your system’s toast soon.
Nice and easy, huh?
Everybody needs to get their systems updated, at least to the point mentioned here. Yes, that includes your sainted Aunt Martha.