Platforms not affected
Products running Windows CE 6 and Windows Embedded Compact 7 are not affected by the WannaCry malware package.
PRO3, CP3, CP3N, AV3, DMPS 3-Series (all models), DM-64X64, DM-128X128, RMC3, DIN-AP3, TSW-550, TSW-750, TSW-1050, TSM-730
- Only code signed with Crestron certificates can execute on these devices.
- These devices cannot execute x86 native code and so are not vulnerable to the WannaCry malware.
- The SMB file server is not enabled and so they are not vulnerable to the original ETERNALBLUE exploit.
- NOTE: It is not clear that the vulnerability exists in the Embedded Compact SMB implementation in the first place but as noted it is disabled anyway.
TPMC-4SM, TPMC-9, TST-600
- Only code signed with Crestron certificates can execute on these devices.
- These devices cannot execute x86 native code and so are not vulnerable to the WannaCry malware.
- The SMB ports are open but there is no notice of this implementation being vulnerable to the original ETERNALBLUE exploit.
MC3, TPCS-4SM
- Only code signed with Crestron certificates can execute on these devices.
- These devices cannot execute x86 native code and so are not vulnerable to the WannaCry malware.
Platforms potentially affected
Crestron also has devices using XP Embedded and Windows Embedded Standard 7.
DGE-2, DGE-1, TPMC-V12, TPMC-V15
- These products have the SMB ports closed by default and so are not vulnerable under normal installation.
- In the event the device does become infected; a reboot will clean it up.
- Please install the following update service pack which includes Microsoft KB4012598
- DGE-1 Use dge-1-osp_1.1.10.zip or higher
- DGE-2 Use dge-2_1.01.10.puf or higher
- TPMC-V12/15 Use tpmc-v12_tpmc-v15_1.01.008.puf or higher
TPMC-8X-GA
TPMC-8X-GA Use tpmc-8x-ga-osp_1.1.10.zip or higher.
- NOTE: This product has SMB ports open by default and should be considered at risk.
- In the event the devices does become infected, a reboot will clean it up.
- Please install the following updated service pack which includes Microsoft KB4012598.
TPMC-8X, TPMC-8L
- NOTE: This product has SMB ports open by default and should be considered at risk.
- In the event the devices does become infected, a reboot will clean it up.
- Please install the following updated service pack which forces the SMB ports closed regardless of any other settings.
- Upgrade firmware to version 2.00.02.219 or above. 2.00.02.221 is the latest release at this writing.
- Install new service pack tpmc-8x-tpmc-8l-firewall_1.0.0.zip.
- Ensure firewall is enabled using the console command: FIREWALL
ADMS, ADMS-BR, ADMS-G2
These products have the SMB ports closed by default and so are not vulnerable under default installation. If file sharing options are enabled the device should be considered at risk.
Crestron RL (Version 1 and 2)
- Crestron RL products disallow arbitrary applications to be executed and so are not vulnerable.
- These products have the SMB ports closed by default and so are not vulnerable under normal installation.
- Notwithstanding these protections, Microsoft has provided a security update for Crestron RL products – https://techcommunity.microsoft.com/t5/Skype-for-Business-Blog/Skype-for-Business-15-15-9-Security-Update-for-Crestron-RL/ba-p/70432
- This has been posted in CCS-UC-200 ver. 15.15.09 and CCS-UC-100 ver. 15.15.09
CEN-FUSION-SERVER-R330, CEN-FUSION-RVS-R310, CEN-FUSION-R320, CEN-RVS-R210, CEN-RVS-R320
Please follow Microsoft guidance for Windows Server Products: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
NOTE: No other current Crestron products have been found to be affected by the WannaCry malware.