WanaCry Vulnerability

[telebub]

Anyone having to address the WanaCry vulnerability on CallPilot? We're patched current through Hotfix SECPEP018S. I see no recourse for correction on a CallPilot server short of unplugging from the CLAN. Anyone seen an official statement from Avaya?

 

[SherWat]

Haven't heard a statement from Avaya yet, but our network folks went ahead and patched our CP server (1005r at 5.51) and it crashed our server.

 

[telebub]

Thanks SherWat. So they attempted to install the individual MS patch for Windows 2003 Server?

 

[SherWat]

Yes, I believe that is what they did.

 

[curtismo]

Has anyone done filtering or firewalling for 80/443 on the switch CLAN port to Call Pilot?

 

[bignose21]

So we have a big escalation on it, I have patched with KB4012598 on our Lab server and rebooted seems fine. I will be adding it to production servers tomorrow. I will come back if there are any issues, the patch from Microsoft wasn't put out until March so it would not be in SEC PEP 18. Like you say no mention on Avaya website for CP.

 

[telebub]

I have also just installed the patch (KB4012598) on a lab 600r and it seems fine. We will patch the production servers tonight.

 

[bignose21]

Done production servers including ones with AACC with callpilot integration for IVR/ACCESS and working fine

 

[telebub]

We have also patched all of our production servers including servers integrated with AACC and have had no issues. We were also instructed by our Data Security department to add a registry value of SMB1 and set it to disabled. The path for this value is:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Registry entry: SMB1
REG_DWORD: 0 = Disabled