
Windows remote command execution 0day vulnerability security alert

  

1、 Summary

The Shadow Brokers have disclosed multiple remote exploitation tools for Windows. The tools can compromise servers through the SMB and RDP services and cover 70% of the world's Windows servers. The PoC has been published, and anyone can download it and use it for remote exploitation.

2、 Vulnerability level

Vulnerability level: urgent (Note: There are four vulnerability levels: general, important, serious and urgent.)

3、 Scope of impact

Currently known affected Windows versions include but are not limited to: Windows NT, Windows 2000, Windows XP, Windows 2003, Windows Vista, Windows 7, Windows 8, Windows 2008, Windows 2008 R2, Windows Server 2012 SP0

4、 Inspection method

1. Check the Windows system version.

2. Check which ports are open. On the local host, run netstat -an in cmd to see which ports are listening. Then, from an external host, test the target host's ports with telnet, such as telnet 114.114.114 137
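The local check in step 2 can be automated over saved netstat -an output. The following is an added example, not part of the original alert: it flags listeners on the ports this alert advises closing (135, 137, 139, 445, 3389) that are bound to a non-loopback address. The function name, service labels and sample output are constructed for illustration.

```python
import re

# Ports the alert advises closing or restricting, with their usual services.
RISKY_PORTS = {135: "RPC", 137: "NetBIOS-NS", 139: "NetBIOS-SSN",
               445: "SMB", 3389: "RDP"}

# Matches rows such as "  TCP  0.0.0.0:445  0.0.0.0:0  LISTENING"
# and "  UDP  0.0.0.0:137  *:*" (UDP rows have no state column).
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def exposed_listeners(netstat_output):
    """Return sorted (proto, local_addr, port, service) tuples for risky
    ports that are listening on a non-loopback address."""
    findings = set()
    for line in netstat_output.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, column header or blank line
        proto, addr, port, _foreign, state = m.groups()
        port = int(port)
        # TCP rows count only when LISTENING; UDP is stateless, so any
        # bound UDP socket is treated as a listener.
        if proto == "TCP" and state != "LISTENING":
            continue
        if port not in RISKY_PORTS:
            continue
        addr = addr.strip("[]")  # IPv6 rows look like [::]:445
        if addr.startswith("127.") or addr == "::1":
            continue  # loopback-only binds are not reachable remotely
        findings.add((proto, addr, port, RISKY_PORTS[port]))
    return sorted(findings)

# Constructed sample of `netstat -an` output (not taken from a real host).
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:3389         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49160     192.168.1.20:445       ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    192.168.1.10:137       *:*
  UDP    0.0.0.0:5355           *:*
"""

if __name__ == "__main__":
    for proto, addr, port, service in exposed_listeners(SAMPLE):
        print(f"{proto} {addr}:{port} ({service}) is listening")
```

A listener reported here is only locally bound; whether it is reachable from the Internet still has to be confirmed from an external host, as step 2 describes.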

5、 Security recommendations

1) Temporary mitigation: close ports 135, 137, 139, 445 and 3389 where they are open to the Internet. It is recommended to use security group policies to block ports 135, 137, 139 and 445, and to restrict port 3389 so that only specific IP addresses can access it.

2) Download and install the patches from Microsoft's official website promptly.

Link to Microsoft's official announcement:

https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/

Microsoft has issued an announcement and strongly recommends installing the latest patches:

Code Name          Solution
EternalBlue        Addressed by MS17-010
EmeraldThread      Addressed by MS10-061
EternalChampion    Addressed by CVE-2017-0146 & CVE-2017-0147
ErraticGopher      Addressed prior to the release of Windows Vista
EsikmoRoll         Addressed by MS14-068
EternalRomance     Addressed by MS17-010
EducatedScholar    Addressed by MS09-050
EternalSynergy     Addressed by MS17-010
EclipsedWing       Addressed by MS08-067