Unpatched Security Vulnerabilities

WannaCry is ransomware that contains a worm component. It attempts to exploit vulnerabilities in the Windows SMBv1 server to remotely compromise systems, encrypt files and spread to other hosts. Systems that have installed the MS17-010 patch are not vulnerable to the exploits used. Patches to address the vulnerabilities identified in Microsoft Security Bulletin MS17-010 are available for all versions of Windows from XP onward.

The 2017 WannaCry ransomware attack was probably the clearest example of what can go wrong when patches aren't applied; while a patch for the vulnerability exploited by the ransomware had existed for several months many organizations had failed to use it. 

Software vendors are constantly publishing new patches to fix problems in software that they have sold. It's then up to the users of the software to apply the patches.

This wannacry or wanaceryt would have been avoided if users had updated and patched there operating systems  - Keep systems up to date and patched as soon as possible. 
 The CVEs for the vulnerabilities associated with WannaCry exploits are as follows: CVE-2017-0143; CVE-2017-0144; CVE-2017-0145; CVE-2017-0146; CVE-2017-0147; and CVE-2017-0148 • Segregate networks based on functionality and the need to access resources.

Source: 

Comments

Popular posts from this blog

Chain of Custody - OJ Simpson case

File Carving or Data Carving

Legal Issues with Social Networking