Please run windows update now

Keith Medcalf kmedcalf at dessus.com
Sat May 13 04:43:25 UTC 2017


The SMBv1 issue was disclosed a year or two ago and never patched.
Anyone who was paying attention would already have disabled SMBv1.

Thus is the danger and utter stupidity of "overloading" the function of service listeners with unassociated road-apples.  Wait until the bad guys figure out that you can access the same "services" via a connection to the DNS port (UDP and TCP 53) on windows machines ...

-- 
˙uʍop-ǝpısdn sı ɹoʇıuoɯ ɹnoʎ 'sıɥʇ pɐǝɹ uɐɔ noʎ ɟı


> -----Original Message-----
> From: NANOG [mailto:nanog-bounces+kmedcalf=dessus.com at nanog.org] On Behalf
> Of Karl Auer
> Sent: Friday, 12 May, 2017 18:58
> To: nanog at nanog.org
> Subject: Re: Please run windows update now
> 
> On Fri, 2017-05-12 at 10:30 -0800, Royce Williams wrote:
> > - In parallel, consider investigating low-hanging fruit by OU
> > (workstations?) to disable SMBv1 entirely.
> 
> Kaspersky reckons the exploit applies to SMBv2 as well:
> 
> https://securelist.com/blog/incidents/78351/wannacry-ransomware-used-in
> -widespread-attacks-all-over-the-world/
> 
> I thought it was a typo in para 2 and the table, but they emailed back
> saying nope, SMBv2 is (was) also broken. However, they also say (same
> page) that the MS patch released in March this year fixes it.
> 
> Assuming they are right, I wonder why Microsoft didn't mention SMBv2?
> 
> Regards, K.
> 
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Karl Auer (kauer at biplane.com.au)
> http://www.biplane.com.au/kauer
> http://twitter.com/kauer389
> 
> GPG fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A
> Old fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
> 






More information about the NANOG mailing list