[194564] in North American Network Operators' Group
RE: Please run windows update now
daemon@ATHENA.MIT.EDU (Keith Medcalf)
Sat May 13 00:43:31 2017
X-Original-To: nanog@nanog.org
Date: Fri, 12 May 2017 22:43:25 -0600
In-Reply-To: <1494637109.2230.77.camel@biplane.com.au>
From: "Keith Medcalf" <kmedcalf@dessus.com>
To: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
The SMBv1 issue was disclosed a year or two ago and never patched.
Anyone who was paying attention would already have disabled SMBv1.
Thus is the danger and utter stupidity of "overloading" the function of service listeners with unassociated road-apples. Wait until the bad guys figure out that you can access the same "services" via a connection to the DNS port (UDP and TCP 53) on windows machines ...
--
˙uʍop-ǝpısdn sı ɹoʇıuoɯ ɹnoʎ 'sıɥʇ pɐǝɹ uɐɔ noʎ ɟı
> -----Original Message-----
> From: NANOG [mailto:nanog-bounces+kmedcalf=dessus.com@nanog.org] On Behalf Of Karl Auer
> Sent: Friday, 12 May, 2017 18:58
> To: nanog@nanog.org
> Subject: Re: Please run windows update now
>
> On Fri, 2017-05-12 at 10:30 -0800, Royce Williams wrote:
> > - In parallel, consider investigating low-hanging fruit by OU
> > (workstations?) to disable SMBv1 entirely.
>
> Kaspersky reckons the exploit applies to SMBv2 as well:
>
> https://securelist.com/blog/incidents/78351/wannacry-ransomware-used-in-widespread-attacks-all-over-the-world/
>
> I thought it was a typo in para 2 and the table, but they emailed back
> saying nope, SMBv2 is (was) also broken. However, they also say (same
> page) that the MS patch released in March this year fixes it.
>
> Assuming they are right, I wonder why Microsoft didn't mention SMBv2?
>
> Regards, K.
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Karl Auer (kauer@biplane.com.au)
> http://www.biplane.com.au/kauer
> http://twitter.com/kauer389
>
> GPG fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A
> Old fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
>