Kaspersky ID:
KLA10977
Дата обнаружения:
14/03/2017
Обновлено:
23/05/2024

Описание

Multiple serious vulnerabilities have been found in Microsoft Server Message Block 1.0(SMBv1). Malicious users can exploit these vulnerabilities to execute arbitrary code or obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. An improper handling of certain requests can be exploited remotely by an unauthenticated attacker via specially designed packets to execute code on the target server;
  2. An improper handling of certain requests can be exploited remotely by an unauthenticated attacker via specially designed packets to execute code to obtain sensitive information from the server.

Technical details

Successful exploitation of these vulnerabilities can trigger WannaCry attack.

In case of WannaCry attack, EternalBlue modules are used to begin exploiting SMB vulnerabilities; if an attempt of exploit is successful, the DoblePulsar backdoor is used to install the malware.

Both SMBv1 and SMBv2 packets can be used in WannaCry attack, so disabling them can prevent the operational system from being infected. It is highly recommended to disable SMBv1, because this old protocol doesn’t have any significant impacts on modern operational systems. Disabling SMBv2 can cause serious problems.

For more details see Securelist article.

Users of Windows XP, Windows 8 and Windows server 2003 should read Customer Guidance for WannaCrypt attacks from Microsoft.

Note that Windows 10 and Windows Server 2016 are not affected by the WannaCry attack.

Первичный источник обнаружения

Эксплуатация

This vulnerability can be exploited by the following malware:

https://threats.kaspersky.com/en/threat/Intrusion.Win.EternalRomance/

https://threats.kaspersky.com/en/threat/Intrusion.Win.CVE-2017-0147.sa.leak/

Public exploits exist for this vulnerability.

Связанные продукты

Список CVE

  • CVE-2017-0143
    critical
  • CVE-2017-0144
    critical
  • CVE-2017-0145
    critical
  • CVE-2017-0146
    critical
  • CVE-2017-0147
    high
  • CVE-2017-0148
    critical

Список KB

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!
Встречай новый Kaspersky!
Каждая минута твоей онлайн-жизни заслуживает топовой защиты.
Узнать больше
Kaspersky IT Security Calculator:
Оцените ваш профиль кибербезопасности
Узнать больше
Confirm changes?
Your message has been sent successfully.