WannaCry Ransomware Attack

Advisory ID: 17-0007
Publish Date: 2017-05-23
Revision: 1.0

Summary

On May 12th 2017, a ransomware attack was launched that impacted businesses worldwide. The ransomware, known as WannaCry, spread widely by utilising a vulnerability in Microsoft Windows operating systems.

Detailed Description

The Windows vulnerability utilised by the attack is fully documented in Microsoft Security Bulletin MS17-010: Security Update for Microsoft Windows SMB Server (4013389). The bulletin states:

The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server.

This security update is rated Critical for all supported releases of Microsoft Windows. For more information, see the Affected Software and Vulnerability Severity Ratings section.

The security update addresses the vulnerabilities by correcting how SMBv1 handles specially crafted requests.

Microsoft released patches to address the vulnerability in supported OS versions on March 14th, 2017. In addition, on May 12th 2017, Microsoft took the unusual step of releasing patches to address the vulnerability in ‘out of support’ Windows operating system versions including Windows XP & Server 2003.

Microsoft Windows systems that are not fully patched can be exploited, leading to attacks such as the WannaCry ransomware attack that impacted many organisations across the world.

Mitigation / Recommended Action

Mitel Engineering Guidelines and Install Guides recommend customers keep current with Windows Updates.

External References

https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

Related CVEs / CWEs / Advisories

n/a

Möchten Sie mit unserem Sales Team sprechen?