London, UK, 12 May 2017 – You will all have seen the news today regarding a global ransomware attack that has hit many NHS trusts in the UK. Despite initial reports, this attack is not specific to the NHS but is targeting all organisations with unpatched systems.
There are several ways to defend against such an attack, such as ensuring you have valid backups of your data; not opening suspicious attachments in emails and ensuring patching is up to date.
If you’re struggling to identify the vulnerable assets on your network, our partners Tenable are offering a free 60-day trial of Tenable.IO – to take advantage of this offer and gain visibility of all the assets on your network, register here.
We’re contacting all of our clients to advise you (if you have not already done so and if you are able) to apply the security update released by Microsoft on March 14th this year.
Microsoft announced a vulnerability in Microsoft Server Message Block 1.0 (SMBv1) server. This service (SMB) is utilised to present shares, printers and more on a Microsoft Domain network. The vulnerability exposes core Active directory components to Remote Code Execution from unauthenticated attackers who would be able to execute any code they wished to potentially gain access to the entire network. The patches Microsoft have provided are likely to provide a fix and should be tested installed as a matter of urgency.
Specific Security reports of the Common Vulnerabilities and Exposures (CVEs) are below:
- Windows SMB Remote Code Execution Vulnerability : CVE-2017-0143
- Windows SMB Remote Code Execution Vulnerability : CVE-2017-0144
- Windows SMB Remote Code Execution Vulnerability : CVE-2017-0145
- Windows SMB Remote Code Execution Vulnerability : CVE-2017-0146
- Windows SMB Remote Code Execution Vulnerability : CVE-2017-0148
The released patches target the SMBv1 service and the way it handles the requests that can be used to exploit it.
Sapphire offers remediation services ranging from security reviews, patch management, user education and awareness, anti-malware solutions and forensic investigation services.
#breakthekillchain – contact Sapphire on firstname.lastname@example.org