SMB Remote Code Execution Vulnerability
- Date Published:2017-05-14
- Last Updated:2017-05-14
- Version Affected: Win XP - Win 2012
- CVE: MS17-010
In April, the Equation Group released data of three folders, as shown below:
The windows folder contains some tools and vulnerability exploitation programs against the windows operating system. The Eternal Blue is in the windows folder and is name ETERNALBLUE.
Eternal Blue attacks Windows operating systems with port 445 enabled and escalate to system privileges.
SMB(Microsoft Server Message Block Protocol) is a file sharing protocol for Microsoft. It is enabled by default in most Windows operating systems for such purposes of sharing files across computers, sharing printers across different computers, etc.
445 port is a TCP port, which provides file or printer sharing service in the local area network. Attackers can establish connection with port 445 and can obtain all sorts of shared information in the designated local area network.
1.Auto update or download patch for MS17-010. Addresses for patches are as follows:
Windows Vista, Windows Server 2008
Windows 7, Windows Server 2008 R2
Windows 8.1, Windows Server 2012 R2
Windows RT 8.1
Windows Server 2012
2.As for operating systems which do not have patches, Windows XP and Windows 2003, you may disable port 445 of SMB service.
3.Sangfor NGFW has released security patches to defend against SMB vulnerability one month ago. You may upgrade to version 20170415 or above.
4.Reference for solution: