Windows remote command execution 0day vulnerability security alert
1. Summary
Shadow Brokers has disclosed multiple remote exploitation tools for Windows, which can compromise servers through the SMB and RDP services and cover 70% of the world's Windows servers. The PoC has been made public, and anyone can download it and use it for remote exploitation.
2. Vulnerability level
Vulnerability level: urgent. (Note: There are four vulnerability levels: general, important, serious and urgent.)
3. Scope of influence
Currently known affected Windows versions include but are not limited to: Windows NT, Windows 2000, Windows XP, Windows 2003, Windows Vista, Windows 7, Windows 8, Windows 2008, Windows 2008 R2, Windows Server 2012 SP0.
4. Troubleshooting method
1. Check the Windows system version.
2. Check which ports are open. On the local machine, run netstat -an in cmd to see which ports are listening. Then, from an external host, test the target host's port with telnet, for example: telnet 114.114.114 137
5. Safety advice
1) Temporary mitigation: close Internet exposure of ports 135, 137, 139, 445 and 3389. It is recommended to use the security group policy to block ports 135, 137, 139 and 445, and to restrict port 3389 so that only specific IP addresses can access it.
2) Download and install the patches from Microsoft's official website promptly.
Link to Microsoft's official announcement:
https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/
Microsoft has issued an announcement and strongly recommends that you install the latest patches:
Code Name | Solution
“EternalBlue” | Addressed by MS17-010
“EmeraldThread” | Addressed by MS10-061
“EternalChampion” | Addressed by CVE-2017-0146 & CVE-2017-0147
“ErraticGopher” | Addressed prior to the release of Windows Vista
“EskimoRoll” | Addressed by MS14-068
“EternalRomance” | Addressed by MS17-010
“EducatedScholar” | Addressed by MS09-050
“EternalSynergy” | Addressed by MS17-010
“EclipsedWing” | Addressed by MS08-067