Initial reports indicate the hacker or hacking group behind the WannaCry campaign is gaining access to enterprise servers through the exploitation of a critical Windows SMB vulnerability. Microsoft released a security update for the MS17-010 (link is external) vulnerability on March 14, 2017. Additionally, Microsoft released patches for Windows XP, Windows 8, and Windows Server 2003 (link is external) operating systems on May 13, 2017.
According to open sources, one possible infection vector may be through phishing.
VersionOne updates our servers on a 4-week rotation. All the servers get the latest Microsoft security patches installed within that 4-week rotation. Per our hosting provider, Rackspace, we have confirmed all servers have been patched accordingly for the WannaCry Vulnerability.
Also, we do not install/run the "SMB1.0/CIFS File Sharing Support" Feature on our servers, so the vulnerability described in the "Microsoft Security Bulletin MS17-010 - Critical" does not exist on our servers.