Dear Alibaba Cloud users,
On April 14, 2017, the foreign hacker group Shadow Brokers released confidential documents from the NSA's Equation Group. The documents contain multiple Windows remote exploit tools that can affect 70% of the world's Windows servers and lead to server intrusion.
One. Scope of Impact:
Known affected versions of Windows include, but are not limited to:
Windows NT, Windows 2000, Windows XP, Windows 2003, Windows Vista, Windows 7, Windows 8, Windows 2008, Windows 2008 R2, Windows Server 2012 SP0;
Two. Investigation method
The tools exposed this time use the SMB service and the RDP service for remote intrusion, so it is necessary to confirm whether the server has ports 137, 139, 445, and 3389 open.
The troubleshooting method is as follows: from a computer on the public network, telnet to the destination address on port 445, for example: telnet [IP] 445
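The check above can be extended from port 445 to all four ports the advisory names. The following script is an added example, not Alibaba Cloud's tool; the target host is an assumed placeholder, and a port that answers a TCP connect from the public network is one to restrict in the security group if the business does not need it.

```python
"""Added example: test whether the ports named in the advisory (137, 139, 445, 3389)
accept TCP connections from the machine running the script. The target host is a
placeholder supplied on the command line; this is not Alibaba Cloud's own tool."""
import socket

# Ports the advisory says to confirm: NetBIOS (137, 139), SMB (445), RDP (3389).
# Note: 137 is normally UDP (NetBIOS name service), so a TCP connect there usually fails.
ADVISORY_PORTS = (137, 139, 445, 3389)


def port_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """Return True if a TCP connection to host:port completes within timeout,
    i.e. the same result a successful `telnet host port` would give."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, or filtered
        return False


def check_ports(host: str, ports=ADVISORY_PORTS, timeout: float = 2.0) -> dict:
    """Map each port to whether it accepted a connection."""
    return {p: port_open(host, p, timeout) for p in ports}


def exposed_ports(results: dict) -> list:
    """Ports that answered; candidates to close via security-group rules if unused."""
    return sorted(p for p, is_open in results.items() if is_open)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"  # placeholder target
    results = check_ports(target)
    for port, is_open in results.items():
        print(f"{target}:{port} {'OPEN' if is_open else 'closed/filtered'}")
    if exposed_ports(results):
        print("Exposed:", exposed_ports(results),
              "- restrict with security group rules and apply MS17-010")
```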
Three. Mitigation measures
1. Microsoft has issued a notice; it is highly recommended that you install the latest patches:
| Tool Name | Solution |
| --- | --- |
| "EternalBlue" | Addressed by MS17-010 |
| "EmeraldThread" | Addressed by MS10-061 |
| "EternalChampion" | Addressed by CVE-2017-0146 & CVE-2017-0147 |
| "ErraticGopher" | Addressed prior to the release of Windows Vista |
| "EskimoRoll" | Addressed by MS14-068 |
| "EternalRomance" | Addressed by MS17-010 |
| "EducatedScholar" | Addressed by MS09-050 |
| "EternalSynergy" | Addressed by MS17-010 |
| "EclipsedWing" | Addressed by MS08-067 |
2. At present, the Alibaba Cloud console has also released a one-click mitigation tool for this vulnerability. If your business does not use ports 137, 139, or 445, you can log in to [ECS console] - [Security Group Management] - [Rule Configuration] and use the tool to block this vulnerability risk with one click.
3. Use the security group's public network access policy to restrict the source IP addresses allowed to log in remotely on port 3389.
Alibaba Cloud Repair Solution: