Wannacrypt Prevention – Advisory from CERT-In (Government of India)

Over the last few days, many systems globally have been affected by a ransomware named “Wannacrypt”. CERT-In, from the Government of India, has issued an advisory and precautionary measures for the same.

http://www.cyberswachhtakendra.gov.in/alerts/wannacry_ransomware.html

CERT-In – Vulnerability Note CIVN-2017-0032

Multiple vulnerabilities in Windows SMB
Original Issue Date: March 15, 2017
Severity Rating: HIGH

Software Affected
Windows Vista Service Pack 2 and Windows Vista x64 Edition Service Pack 2
Windows 7 for 32-bit Service Pack 1 and Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit and 64-bit systems
Windows RT 8.1
Windows 10 for 32-bit and 64-bit systems
Windows Server 2012
Windows Server 2012 R2
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 SP2 for 32-bit and 64-bit systems (Server Core Installation)
Windows Server 2008 SP1 R2 for 64-bit Systems (Server Core Installation)
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows Server 2012 (Server Core Installation)
Windows Server 2012 R2 (Server Core Installation)
Windows Server 2016 for 64-bit Systems (Server Core Installation)
Windows Server 2016 for 64-bit Systems

Overview
Multiple remote code execution vulnerabilities and an Information Disclosure Vulnerability exist in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests which could be exploited by a remote attacker to execute code on the target server.

Description
1. Remote Code Execution Vulnerabilities (CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0148)
These vulnerabilities exist in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain specially crafted requests. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted packets to the targeted SMBv1 server, which could allow the attacker to run arbitrary code.

2. Windows SMB Information Disclosure Vulnerability (CVE-2017-0147)
This vulnerability exists in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain specially crafted requests. An unauthenticated attacker could exploit this vulnerability by sending a specially crafted packet to a targeted SMBv1 server, which could lead to information disclosure from the server.

Solution

Apply appropriate patches as mentioned in Microsoft Security Bulletin MS17-010.

Vendor Information
Microsoft
https://technet.microsoft.com/enus/library/security/ms17010.aspx
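
Because every issue above sits in the SMBv1 server component, a quick way to prioritise patching is to find the hosts where that component is still enabled. The following read-only check is an added example, not part of the CERT-In note or of Microsoft's bulletin; the function name Get-Smb1ServerState is hypothetical, and it assumes an elevated PowerShell prompt on the host being checked.

```powershell
# Added example: report whether the SMBv1 *server* is enabled on this host.
# Read-only: it queries configuration and changes nothing.
function Get-Smb1ServerState {   # hypothetical helper name
    $method  = $null
    $enabled = $null

    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        # Windows 8 / Server 2012 and later expose the setting through a cmdlet.
        $cfg     = Get-SmbServerConfiguration
        $method  = 'Get-SmbServerConfiguration'
        $enabled = [bool]$cfg.EnableSMB1Protocol
    }
    else {
        # Vista / 7 / Server 2008 / 2008 R2: the setting is the SMB1 registry
        # value under LanmanServer\Parameters. The value is absent by default,
        # and an absent value means SMBv1 is enabled.
        $key     = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        $prop    = Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue
        $method  = 'Registry (LanmanServer\Parameters\SMB1)'
        $enabled = ($null -eq $prop) -or ($prop.SMB1 -ne 0)
    }

    # The Server service (LanmanServer) must be running for the host to
    # accept inbound SMB requests at all.
    $svc = Get-Service -Name LanmanServer -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Computer             = $env:COMPUTERNAME
        OS                   = (Get-WmiObject -Class Win32_OperatingSystem).Caption
        CheckMethod          = $method
        Smb1ServerEnabled    = $enabled
        ServerServiceRunning = ($null -ne $svc) -and ($svc.Status -eq 'Running')
    }
}

Get-Smb1ServerState | Format-List
```

A host that reports both Smb1ServerEnabled and ServerServiceRunning as True accepts SMBv1 requests, so it belongs at the front of the MS17-010 patching queue.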

References
Microsoft
https://technet.microsoft.com/enus/library/security/ms17010.aspx

Cisco
https://tools.cisco.com/security/center/viewAlert.x?alertId=52834
https://tools.cisco.com/security/center/viewAlert.x?alertId=52838

CVE Name
CVE-2017-0143
CVE-2017-0144
CVE-2017-0145
CVE-2017-0146
CVE-2017-0147
CVE-2017-0148

Disclaimer
The information provided herein is on an “as is” basis, without warranty of any kind.

Contact Information
Email: info@certin.org.in
Phone: +911124368572

Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi 110 003
India

Published by

Deepak
