SUMMARY
This article discusses CVE-2017-0143 and the associated ransomware attack known as "WannaCry".
CVE ID
CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0148
DESCRIPTION
The SMBv1 server in Microsoft Windows allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
The associated ransomware attack, dubbed “WannaCry”, is initiated through an SMBv2 remote code execution in Microsoft Windows. This exploit (codenamed “EternalBlue”) was made available on the internet through the Shadow Brokers dump on April 14th, 2017, and was patched by Microsoft on March 14.
Unitrends Risk Assessment: None. This ransomware attack only impacts Windows OS systems; Unitrends appliances run on Linux and are immune to direct infection.
RESOLUTION
Resolution: Upgrade any Windows systems to the Microsoft Windows Service Pack dated March 14 or later.
Note: your Unitrends appliance may report detection of ransomware on some of your protected systems. Current releases of Unitrends Backup now actively seek to inform customers of possible infections in their environments. Please see this article for more information on our ransomware detection features: https://helpdesk.kaseya.com/hc/en-gb/articles/4407510083601
For additional information, see this article: https://www.unitrends.com/solutions/use-cases/ransomware-protection
LINK TO ADVISORIES