Detect date
?
|
03/14/2017 |
Severity
?
|
Critical |
Description
|
Multiple serious vulnerabilities have been found in Microsoft Server Message Block 1.0(SMBv1). Malicious users can exploit these vulnerabilities to execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities:
Technical details Successful exploitation of these vulnerabilities can trigger WannaCry attack. In case of WannaCry attack, EternalBlue modules are used to begin exploiting SMB vulnerabilities; if an attempt of exploit is successful, the DoblePulsar backdoor is used to install the malware. Both SMBv1 and SMBv2 packets can be used in WannaCry attack, so disabling them can prevent the operational system from being infected. It is highly recommended to disable SMBv1, because this old protocol doesn’t have any significant impacts on modern operational systems. Disabling SMBv2 can cause serious problems. For more details see Securelist article. Users of Windows XP, Windows 8 and Windows server 2003 should read Customer Guidance for WannaCrypt attacks from Microsoft. Note that Windows 10 and Windows Server 2016 are not affected by the WannaCry attack. |
Affected products
|
Microsoft Windows XP Service Pack 2 |
Solution
|
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel) |
Original advisories
|
Customer Guidance for WannaCrypt attacks |
Impacts
?
|
ACE [?] OSI [?] |
Related products
|
Microsoft Windows Vista Microsoft Windows Server 2012 Microsoft Windows 8 Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2003 Windows RT Microsoft Windows XP Microsoft Windows 10 |
CVE-IDS
?
|
CVE-2017-01439.3Critical
CVE-2017-01449.3Critical CVE-2017-01459.3Critical CVE-2017-01469.3Critical CVE-2017-01474.3Warning CVE-2017-01489.3Critical |
Microsoft official advisories
|
Microsoft Security Update Guide |
KB list
|
4012217 |
Exploitation
|
This vulnerability can be exploited by the following malware: https://threats.kaspersky.com/en/threat/Intrusion.Win.EternalRomance/ https://threats.kaspersky.com/en/threat/Intrusion.Win.CVE-2017-0147.sa.leak/ The following public exploits exists for this vulnerability: https://www.exploit-db.com/exploits/43970 https://www.exploit-db.com/exploits/41891 https://www.exploit-db.com/exploits/42031 https://www.exploit-db.com/exploits/42030 https://www.exploit-db.com/exploits/41987 https://threats.kaspersky.com/en/threat/Intrusion.Win.EternalRomance/ https://www.exploit-db.com/exploits/43970 https://www.exploit-db.com/exploits/43970 https://threats.kaspersky.com/en/threat/Intrusion.Win.CVE-2017-0147.sa.leak/ |