The leaked NSA cyber weapon, EternalBlue, an exploit of Microsoft Windows that attacks SMB file-sharing services, was leaked by the Shadow Brokers hacker group last month and has since been used as part of the catastrophic WannaCry attack that started on May 12, 2017.

This global attack is a sobering lesson in what happens when software vulnerabilities fall into the hands of criminals, but also, should serve as a wake-up call for those running out of date software and systems.

NNT guidance is to ensure latest MS Patches are applied to all systems at all times – MS have now released patches for all Windows platforms including the officially unsupported Windows XP operating system - see here

We also advise removing SMB V1 completely from any system and the report here will verify that this is indeed the case – the report will check for the existence of Registry Key and verify that it is set to 0 / Disabled

HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ LanmanServer \ Parameters \ SMB1

Once you've downloaded the report, follow these instructions: 

To upload the SMB Compliance Report to Change Tracker after downloading it from the link above, log into you change tracker console and click on the “Settings” Tile – then, look to the left and select the “Compliance Report Templates” tab. Once this comes up, click on “Upload Templates” and navigate to the location of the file and select it. Once selected, press the “Upload Files” button. Which should then display a progress bar.  Once this progress bar is at 100%, continue to the next step.

sesfse

Finally, assign the Compliance Report Template you have just uploaded to run on the desired group on a schedule of your liking. In our case, this would be Windows devices, and we want to run this daily. On the “Settings Tile” – Click on the “Groups” tab and then select the “Windows” group. From here, on the right side of the screen, you should see various tabs related to the Windows group. Select the “Scheduled Reports” tab, and press “+ Schedule a New Report.” Upon clicking this, a pop-up box will appear asking you to first select the Compliance Report you want to run, select the SMB Report. If you want this to run immediately, do not select a Start time, and if you never want this to end, do not select and End time. Set the schedule to Daily, and leave the Pass Mark at 100%. Click the “Update” Button.

rtghfkk

 

For any concerns or queries regarding WannaCry or EternalBlue contact [email protected]

 

 

 

NNT has a range of training and managed service offerings to help you get the most of your solution.
Call (844) 898-8362 or click here to request more information.

Contact Us

Corporate Headquarters

Netwrix
6160 Warren Parkway, Suite 100
Frisco, Texas, 75034

Phone 1: 1-949-407-5125

Phone 2: 888-638-9749 (toll-free)


[email protected]
 

United Kingdom

Netwrix
5 New Street Square
London EC4A 3TW

Phone: +44 (0) 203 588 3023


 [email protected]
SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Now Certified IBM Security
Copyright 2024, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.