Intrusion.Win.MS17-010.*

Class Intrusion
Platform Win
Description

Intrusion

Intrusion attacks attempt to exploit vulnerable or improperly configured applications, services, and operating systems remotely through a network to achieve arbitrary code execution and perform unauthorized network activity.

A successful intrusion attack can result in remote code execution on the targeted hosts.

Description

Server Message Block (SMB) is an application-layer network protocol that operates over TCP ports 139 and 445, which are widely used for file and printer sharing and remote services access.

An Intrusion.Win.MS17-010.* attack targets Windows computers and attempts to exploit SMB network vulnerabilities that were fixed in Microsoft Security Bulletin MS17-010 https://technet.microsoft.com/en-us/library/security/ms17-010.aspx. Successful exploitation of those vulnerabilities can result in remote code execution on target computers, which allows an attacker to load malware and propagate it to other vulnerable hosts on a network.

Successful exploitation can result in remote code execution on target computers, which allows an attacker to load malware and propagate it to other vulnerable hosts on a network.

Exploits targeting MS17-010 vulnerabilities were used in WannaCry and ExPetr ransomware attacks.