Intrusion attacks attempt to exploit vulnerable or improperly configured applications, services, and operating systems remotely through a network to achieve arbitrary code execution and perform unauthorized network activity.
A successful intrusion attack can result in remote code execution on the targeted hosts.
Server Message Block (SMB) is an application-layer network protocol that operates over TCP ports 139 and 445, which are widely used for file and printer sharing and remote services access.
An Intrusion.Win.MS17-010.* attack targets Windows computers and attempts to exploit SMB network vulnerabilities that were fixed in Microsoft Security Bulletin MS17-010 https://technet.microsoft.com/en-us/library/security/ms17-010.aspx. Successful exploitation of those vulnerabilities can result in remote code execution on target computers, which allows an attacker to load malware and propagate it to other vulnerable hosts on a network.
Successful exploitation can result in remote code execution on target computers, which allows an attacker to load malware and propagate it to other vulnerable hosts on a network.
Exploits targeting MS17-010 vulnerabilities were used in WannaCry and ExPetr ransomware attacks.