![]() ![]() ![]() ![]() Ensure all affected platforms are updated in line with the Microsoft security bulletin MS17-010.Block SMB related ports (UDP 137, 138 and TCP 137, 139, 445) at your organisation’s external firewall.Ensure your AV software is properly configured and automatically scans all files and file operations (including file reads, writes and re-names) and manually run scans on critical areas such as servers and shared network file storage.Confirm with your AV provider that they have rolled out virus definitions which are supported by your organisation’s operating systems to protect you from the spread of this malware (especially if your organisation is running out of support operating systems).Ensure your AV software is kept updated with the very latest security definitions, to detect current and evolving strains of malware which leverages this vulnerablity.If your network becomes infected immediately report it to your AV provider for investigation and patching.RemediationĮnsure all systems are protected with the latest AV definitions ![]() We have a PowerShell script here that can check your PC for the patches it will check for all Microsoft KB patches associated to MS17-010. The Attack enables the self-propagation of malware through NetBIOS and SMB. The EternalBlue vulnerability was patched by Microsoft in March 2017 as part of MS17-010 which many believe was made possible by the NSA pre-warning Microsoft of the vulnerability. The tool can be used to exploit a publically accessible SMB service, providing a delivery mechanism for an attack using DoublePulsar – a backdoor also included in the ShadowBrokers dump. The most recent dump includes an exploit known as EternalBlue.ĮternalBlue is an exploit designed to attack SMB (Server Message Block) file and print sharing services on the affected windows versions. The ShadowBrokers APT (Advanced Persistent Threat) group are well known for auctioning off stolen dumps of exploits, implants and tools reportedly obtained from the NSA. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |