On May 12 the global propagation of a new ransomware named Ransom.Wannacry was observed. This malware targeted a previously disclosed SMB vulnerability which had been patched in Microsoft Security Bulletin MS17-010, released in March 2017. Previously unsupported versions of the Microsoft Windows Operating System have also now been covered with an update from Microsoft due to the widespread nature of the exploitation.
Customers are advised to install applicable updates if they have not already done so.
Customer Guidance for WannaCrypt attacks
What you need to know about the WannaCry Ransomware
On May 9, Microsoft released its scheduled patch update for May 2017. This month's update covers vulnerabilities in Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, .NET Framework, and Adobe Flash Player.
Customers are advised to apply all patches as soon as possible
Microsoft Security Bulletin Summary for May 2017
ThreatCon Level 2
Medium : Increased alertness
This condition applies when knowledge or the expectation of attack activity is present, without specific events occurring or when malicious code reaches a moderate risk rating. Under this condition, a careful examination of vulnerable and exposed systems is appropriate, security applications should be updated with new signatures and/or rules as soon as they become available and careful monitoring of logs is recommended. Changes to the security infrastructure are not required.