CVE-2017-0143 Windows SMB RCE Vulnerability (WannaCry)

SUMMARY

This article discusses CVE-2017-0143 and the associated ransomware attack known as "WannaCry".

CVE ID

CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0148

DESCRIPTION

The SMBv1 server in Microsoft Windows allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148. 

The associated ransomware attack, dubbed “WannaCry”, is initiated through an SMBv2 remote code execution in Microsoft Windows. This exploit (codenamed “EternalBlue”) was made available on the internet through the Shadow Brokers dump on April 14th, 2017, and the underlying vulnerability was patched by Microsoft on March 14.

Unitrends Risk Assessment: None. This ransomware attack only impacts Windows OS systems; Unitrends appliances run on Linux and are immune to direct infection.
 

RESOLUTION

Resolution: Upgrade any Windows systems to the Microsoft Windows Service Pack dated March 14 or later.
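
One way to check a Windows host against the resolution above, as an added example (not Unitrends or Microsoft code): the PowerShell below reports whether the SMBv1 server is enabled and whether any update has been installed on or after the patch date. The year 2017 on the cutoff and the function names are assumptions of this example, and a recent hotfix date is only a hint, not proof that the specific fix is present.

```powershell
# Added example: audit one Windows host for SMBv1 server exposure and update recency.
# Assumption: the "March 14" patch date in this article refers to 2017.
$PatchCutoff = Get-Date '2017-03-14'

function Get-Smb1ServerState {
    # Get-SmbServerConfiguration is available on Windows 8 / Server 2012 and later.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Older systems: the SMBv1 server is on unless the LanmanServer 'SMB1' value is 0.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    return ($null -eq $val -or $val -ne 0)
}

function Get-LatestHotfixDate {
    # InstalledOn can be empty for some updates; skip those entries.
    Get-HotFix | Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1 -ExpandProperty InstalledOn
}

$smb1Enabled = Get-Smb1ServerState
$latest      = Get-LatestHotfixDate
# No update at all since the cutoff means the fix cannot be installed.
$updatedSinceCutoff = [bool]($latest -and $latest -ge $PatchCutoff)

$finding = if (-not $updatedSinceCutoff -and $smb1Enabled) {
    'No updates since patch date and SMBv1 server enabled: patch first'
} elseif (-not $updatedSinceCutoff) {
    'No updates since patch date: patch required'
} elseif ($smb1Enabled) {
    'Updated since patch date, SMBv1 server still enabled: verify the fix'
} else {
    'Updated since patch date and SMBv1 server disabled'
}

[pscustomobject]@{
    ComputerName       = $env:COMPUTERNAME
    Smb1ServerEnabled  = $smb1Enabled
    LatestHotfixDate   = $latest
    UpdatedSinceCutoff = $updatedSinceCutoff
    Finding            = $finding
}
```

Run it from an elevated PowerShell prompt, since reading the SMB server configuration requires administrator rights.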

Note: your Unitrends Appliance may report detection of ransomware on some of your protected systems. Current releases of Unitrends Backup now actively seek to inform customers of possible infections in their environments. Please see this article for more information on our ransomware detection features: https://helpdesk.kaseya.com/hc/en-gb/articles/4407510083601

For additional information, see this article: https://www.unitrends.com/solutions/use-cases/ransomware-protection

LINK TO ADVISORIES

 
