The Microsoft Windows SMB (Server Message Block) is being actively exploited in the wild, post the Shadow Brokers (TSB) leak in April 2017. According to Microsoft’s blog, the exploits were already covered in previously released security bulletins. The Shadow Broker exploits named ‘EternalBlue’ and ‘EternalRomance’ and ‘EternalSynergy’ are addressed by Microsoft in security bulletin MS17-010. According to security advisory published by CCN-CERT of Spain’s national computer emergency response team on May 12, 2017, the infamous exploit ‘EternalBlue’ is currently being used in a massive ransomware outbreak. The ransomware used in this campaign is ‘WannaCrypt’ (aliases WannaCry , WanaCrypt0r , WCry). Microsoft’s latest updated on this outbreak are tracked here.
Quick Heal & Seqrite Detections
Quick Heal and Seqrite have released the following IPS detections for the vulnerabilities reported in security bulletin MS17-010.
Quick Heal and Seqrite users are protected from the vulnerabilities reported in security bulletin MS17-010.
IPS Hits Trend
As observed in Quick Heal Security Labs, below is the trend of the exploitation for MS17-010.
Exploitation of vulnerabilities reported in MS17-010
The high-profile leak from Shadow Broker has resulted in massive ransomware outbreak. Such leaks enable attackers to use the readily available exploits in various such outbreaks. We advise our users to stay protected by following safety measures stated above.