The leaked NSA cyber weapon, EternalBlue, an exploit of Microsoft Windows that attacks SMB file-sharing services, was leaked by the Shadow Brokers hacker group last month and has since been used as part of the catastrophic WannaCry attack that started on May 12, 2017.
This global attack is a sobering lesson in what happens when software vulnerabilities fall into the hands of criminals, but also, should serve as a wake-up call for those running out of date software and systems.
NNT guidance is to ensure latest MS Patches are applied to all systems at all times – MS have now released patches for all Windows platforms including the officially unsupported Windows XP operating system - see here
We also advise removing SMB V1 completely from any system and the report here will verify that this is indeed the case – the report will check for the existence of Registry Key and verify that it is set to 0 / Disabled
HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ LanmanServer \ Parameters \ SMB1
Once you've downloaded the report, follow these instructions:
To upload the SMB Compliance Report to Change Tracker after downloading it from the link above, log into you change tracker console and click on the “Settings” Tile – then, look to the left and select the “Compliance Report Templates” tab. Once this comes up, click on “Upload Templates” and navigate to the location of the file and select it. Once selected, press the “Upload Files” button. Which should then display a progress bar. Once this progress bar is at 100%, continue to the next step.
Finally, assign the Compliance Report Template you have just uploaded to run on the desired group on a schedule of your liking. In our case, this would be Windows devices, and we want to run this daily. On the “Settings Tile” – Click on the “Groups” tab and then select the “Windows” group. From here, on the right side of the screen, you should see various tabs related to the Windows group. Select the “Scheduled Reports” tab, and press “+ Schedule a New Report.” Upon clicking this, a pop-up box will appear asking you to first select the Compliance Report you want to run, select the SMB Report. If you want this to run immediately, do not select a Start time, and if you never want this to end, do not select and End time. Set the schedule to Daily, and leave the Pass Mark at 100%. Click the “Update” Button.
For any concerns or queries regarding WannaCry or EternalBlue contact [email protected]