New critical vulnerability: WannaCry ransomware

Microsoft Windows SMB server EternalBlue/WannaCry remote code execution vulnerability (MS17-010)

Effective Date: May 15, 2017

Product: Microsoft Server Message Block 1.0 (SMBv1) in many Microsoft Windows operating systems

Platform: Microsoft Windows XP, Vista, 2003, 2008, 7, 2008 R2, 2012, 8, 8.1, RT 8.1, 2012 R2, 10, and 2016

There is a vulnerability in SMBv1 on many Microsoft operating systems that allows remote code execution due to improper handling of certain requests. An unauthenticated, remote attacker can exploit it to execute code on the affected system. This vulnerability has recently been exploited to spread malware in the form of ransomware.

Patches have been released for unsupported operating systems such as Windows XP, Windows 2003 and Windows 8.

If you run a Windows operating system and are on the Fermilab network (wired network or fgz wireless), you MUST install patch MS17-010. Unpatched nodes on the Fermi network after 10 a.m. on Wednesday, May 17, may be blocked.

To patch this vulnerability, contact the Service Desk if you have a lab-owned machine, or visit Windows Update to install the patch on a personal device. If this is an embedded device, consult the device vendor. Do NOT try to download the patch yourself from the Internet, as those stand-alone sources may contain unwanted software or viruses.

Critical vulnerabilities are security vulnerabilities that are currently being exploited and pose an immediate danger to the lab, and that therefore require prompt attention by system administrators. The security team has detectors in place that will discover any unpatched critical vulnerabilities and initiate blocking of the affected system. For a list of previously declared critical vulnerabilities, see https://web.fnal.gov/organization/SecurityPublic/SitePages/Critical%20Vulnerabilities.aspx