SMB

未更新のシステム脆弱性を狙う WannaCrypt ランサムウェア

マイクロソフトは、2017 年 5 月 12 日に、修正済みの脆弱性を悪用してワームのように拡散する新しいランサムウェアを検出しました。ほとんどのコンピューターには自動的にセキュリティ更新プログラムが適用されていますが、修正プログラムの展開が遅れているユーザーや企業も少なからず存在します。WannaCrypt (英語) と呼ばれるランサムウェアは、このように脆弱性の対策がされていないコンピューターに影響を与えます。この攻撃は現在も拡大しています。まだ MS17-010 をインストールしていないユーザーの皆様は、速やかにご対応いただけるよう再度お願いいたします。

ランサムウェア WannaCrypt 攻撃に関するお客様ガイダンス

2017 年 5 月 12 日 (米国時間) より、マイクロソフトは、イギリスを始めとする複数の国の医療機関やその他の企業に影響を及ぼすランサムウェアによるサイバー攻撃を確認しています。このランサムウェアは Wanna Cryptor マルウェア (WannaCrypt, WannaCry, WannaCryptor, Wcry などと呼ばれる) の亜種であると思われます。このブログでは、WannaCrypt の概要およびお客様が必要なアクションを記載しています。

Assessing the risk of the June security updates

Today we released 16 security bulletins. Nine have a maximum severity rating of Critical and seven have a maximum severity rating of Important. This release addresses several publicly disclosed vulnerabilities. We hope that the table below helps you prioritize the deployment of the updates appropriately for your environment. Bulletin Most likely attack vector Max Bulletin …

Assessing the risk of the June security updates Read More »

MS11-019 and MS11-020: April SMB Updates

This month we released updates for the SMB client and server components (MS11-019 and MS11-020 respectively). These bulletins address three externally-reported issues, but also include fixes for several issues that Microsoft identified internally. This blog post provides background on these issues and the work done internally at Microsoft to improve SMB security. Finding and issuing …

MS11-019 and MS11-020: April SMB Updates Read More »

Notes on exploitability of the recent Windows BROWSER protocol issue

Earlier this week a PoC exploit for a vulnerability in the BROWSER protocol was released on Full Disclosure. There has been some discussion regarding whether this issue can result in Remote Code Execution (RCE) or is only a Denial of Service (DoS). This blog post provides details on the exploitability based on our internal analysis. …

Notes on exploitability of the recent Windows BROWSER protocol issue Read More »

MS10-054: Exploitability Details for the SMB Server Update

This month Microsoft released an update for Windows to address three vulnerabilities in the SMB Server component. Two of the vulnerabilities are remote denial-of-service (DoS) attacks, while one (CVE-2010-2550) has the potential for remote code execution (RCE). This blog post provides more details on the exploitability of CVE-2010-2550, and outlines why the risk of reliable …

MS10-054: Exploitability Details for the SMB Server Update Read More »

MS10-020: SMB Client Update

Today Microsoft released MS10-020, which addresses several vulnerabilities in the Windows SMB client. This blog post provides additional details to help prioritize installation of the update, and understand the attack vectors and mitigations that apply. Client-side vulnerabilities The first thing to realize is that this update addresses vulnerabilities in the SMB client in Windows. Typically, machines …

MS10-020: SMB Client Update Read More »

MS10-006 and MS10-012: SMB security bulletins

Today we released two bulletins to address vulnerabilities in SMB. MS10-006 addresses two vulnerabilities in the SMBv1 client implementation, and MS10-012 addresses four vulnerabilities in the SMB server implementation. In this blog entry, we want to help you understand the vulnerabilities and better prioritize the updates. What are the SMB server vulnerabilities and how could …

MS10-006 and MS10-012: SMB security bulletins Read More »

MS09-050: Exploit timeline for the SMB2 RCE vulnerability

This month we are releasing update MS09-050 to address the SMBv2 RCE vulnerability (CVE-2009-3103). Due to the fact that public exploit code exists for this vulnerability, we felt it would be good to summarize the exploit landscape at the time of release, so customers can use this information to prioritize the deployment of the update. …

MS09-050: Exploit timeline for the SMB2 RCE vulnerability Read More »

Update on the SMB vulnerability situation

We’d like to give everyone an update on the situation surrounding the new Microsoft Server Message Block Version 2 (SMBv2) vulnerability affecting Windows Vista and Windows Server 2008. Easy way to disable SMBv2 First exploit for code execution released to small number of companies Mitigations that help prevent attacks Status of fixes Easy way to …

Update on the SMB vulnerability situation Read More »