This notification is classed as an “Emergency” because of the security impact of the issue. If you have a Windows server with us, please read on (Linux servers are not affected).

In view of recent events that have highlighted the persistent risk posed by cyber-attacks ( http://www.bbc.co.uk/news/health-39899646 ), we strongly advise our customers, if they have not already done so, to apply the following security update, released by Microsoft on March 14th this year: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx?f=255&MSPPError=-2147217396 . Treat this as the bare minimum, and also install the latest Windows updates, including the May security roll-up (which includes all of the above).

Microsoft have announced a vulnerability in Microsoft Server Message Block 1.0 (SMBv1) server today. This service (SMB) is utilised to present shares, printers and more on a Microsoft Domain network.

This vulnerability exposes core Active Directory components to Remote Code Execution by unauthenticated attackers. They would be able to execute any code they wished, potentially gaining access to the entire network. The patches Microsoft have provided should be tested and installed as a matter of urgency.

The specific Common Vulnerabilities and Exposures (CVE) entries are listed below:

Windows SMB Remote Code Execution Vulnerability : CVE-2017-0143
Windows SMB Remote Code Execution Vulnerability : CVE-2017-0144
Windows SMB Remote Code Execution Vulnerability : CVE-2017-0145
Windows SMB Remote Code Execution Vulnerability : CVE-2017-0146
Windows SMB Remote Code Execution Vulnerability : CVE-2017-0148

The released patches target the SMBv1 service and the way it handles the particular requests that can be used to exploit it.

We will apply the latest Windows updates to all Fully Managed Windows servers on our network, along with the host machines, which will in turn be rebooted over this weekend.

If you are not on the Fully Managed service level, you MUST install the latest Windows Security Updates on your server manually.


Ongoing Protection

We strongly recommend that all customers enforce 24/7 protection on their servers using business-grade anti-malware and anti-ransomware software that is meant for server systems (and -not- for PC-based operating systems like Windows 7 / 8 / 10). We provide MalwareBytes Business Endpoint Security Suite, containing Anti-Malware, Anti-Ransomware and Anti-Exploit with real-time protection, which has been highly effective. This is available at $65/yr per server.

Furthermore, to block malicious / brute-force attempts, we recommend RDPGuard, which automatically blocks source IPs and provides protection against brute-force attacks on RDP, MS SQL, Mail, etc. This is available at $59.95 discounted.

For all critical systems, we recommend an Intrusion Detection & Prevention system with our enterprise-grade firewall.

Please click here if you’d like to purchase any of the above suites.

More Info – If you’d like to read more about the worm that spreads WanaCrypt0r, MalwareBytes LABS have a detailed explanation in their blog post.

SoftSys Hosting USA Inc.
www.SoftsysHosting.com