13 May 2017

MS17-010 – Windows SMB server exploitation leads to ransomware outbreak

Written by Pradeep Kulkarni

Microsoft Windows SMB (Server Message Block) has been actively exploited in the wild since the Shadow Brokers (TSB) leak in April 2017. According to Microsoft’s blog, the exploits were already covered in previously released security bulletins. The Shadow Brokers exploits named ‘EternalBlue’, ‘EternalRomance’ and ‘EternalSynergy’ are addressed by Microsoft in security bulletin MS17-010. According to a security advisory published on May 12, 2017 by CCN-CERT, Spain’s national computer emergency response team, the infamous exploit ‘EternalBlue’ is currently being used in a massive ransomware outbreak. The ransomware used in this campaign is ‘WannaCrypt’ (aliases WannaCry, WanaCrypt0r, WCry). Microsoft’s latest updates on this outbreak are tracked here.

Quick Heal & Seqrite Detections

Quick Heal and Seqrite have released the following IPS detections for the vulnerabilities reported in security bulletin MS17-010.

  • VID-01899 : [MS17-010] Windows SMB Remote Code Execution Vulnerability
  • VID-01901 : [MS17-010] Windows SMB Remote Code Execution Vulnerability
  • VID-01906 : [MS17-010] Windows SMB Remote Code Execution Vulnerability
  • VID-01907 : [MS17-010] Windows SMB Remote Code Execution Vulnerability
  • VID-01912 : [MS17-010] Windows SMB Information Disclosure Vulnerability

Quick Heal and Seqrite users are protected from the vulnerabilities reported in security bulletin MS17-010.

IPS Hits Trend

As observed in Quick Heal Security Labs, below is the trend of the exploitation for MS17-010.

[Figure: Exploitation of vulnerabilities reported in MS17-010]

  • Hits reported after May 09, 2017 show a spike in activity.

Safety Measures

  • Disable the SMB service (running on port 445) if it is not used.
  • Apply security updates from Microsoft, especially for MS17-010.
  • Apply the latest security updates released by Quick Heal.
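
A local check for the first two measures, as an added example that is not Quick Heal or Seqrite code. It assumes Windows 8 / Server 2012 or later and an elevated prompt; the function name `Test-SmbExposure` and the `KB0000000` value are hypothetical, and the real update IDs for a given OS build must be taken from Microsoft's MS17-010 bulletin.

```powershell
# Added example: audit this host for "disable SMB if not used" and "apply MS17-010".
function Test-SmbExposure {
    param(
        # KB IDs that carry the MS17-010 fix for this OS build. Placeholder input:
        # supply them from Microsoft's bulletin, including any later rollup that
        # supersedes the original update.
        [string[]]$KbIds = @(),
        # When set, stop and disable the Windows "Server" service.
        # Use only on hosts that do not share files or printers over SMB.
        [switch]$DisableServer
    )

    if ($DisableServer) {
        Stop-Service -Name LanmanServer -Force
        Set-Service  -Name LanmanServer -StartupType Disabled
    }

    # LanmanServer is the service behind inbound SMB on TCP 445.
    $svc      = Get-Service -Name LanmanServer
    $listener = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue

    # Match installed updates against the operator-supplied KB list.
    $found = @()
    if ($KbIds.Count -gt 0) {
        $found = @(Get-HotFix |
                   Where-Object { $KbIds -contains $_.HotFixID } |
                   Select-Object -ExpandProperty HotFixID)
    }

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        ServerService  = $svc.Status
        ListeningOn445 = [bool]$listener
        PatchKbFound   = $found -join ','
        # Flag hosts that still accept SMB and show none of the listed updates.
        NeedsAttention = ([bool]$listener) -and ($found.Count -eq 0)
    }
}

# KB0000000 is a placeholder, not a real update ID.
Test-SmbExposure -KbIds @('KB0000000')
```

A host that reports `NeedsAttention = True` is still listening on port 445 with none of the supplied updates installed, so it should be patched or have SMB disabled first.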

Conclusion

The high-profile leak from the Shadow Brokers has resulted in a massive ransomware outbreak. Such leaks enable attackers to use readily available exploits in similar outbreaks. We advise our users to stay protected by following the safety measures stated above.
