How SecOps Response Service Addresses WannaCry Ransomware


So, CVE-2017-0144 (https://nvd.nist.gov/vuln/detail/CVE-2017-0144), a vulnerability that was identified about two months ago (published Mar 16 2017), is now being widely exploited in the wild, most visibly impacting hospitals in the UK’s National Health Service to the point that they’ve had to redirect incoming patients to other facilities.

This vulnerability is addressed by Microsoft Bulletin MS17-010, which is also included in the OS-specific Security Bulletin roll-ups SB17-002, SB17-003 and SB17-004. MS17-010 applies to Server 2003 and Server 2008, while SB17-002 applies to Server 2008 R2, SB17-003 applies to Server 2012 R2 and SB17-004 applies to Server 2012 (thanks to Joe Schuler).

Part of what makes the vulnerability so serious is that it doesn’t require direct action by the user: simply having the vulnerability and being on the same network as an infected host can expose your system to the ransomware.

[Image: Wana Decrypt0r screenshot (source: Wikipedia)]

So, how do we address this using SecOps Response?

I imported my latest scan info, then went over to the Operator Dashboard. Filter by “CVE-2017-0144”, and it shows me exactly which systems this vulnerability has been detected on, and that the oldest detection is 22 days old (and now in violation of SLA, being a critical vulnerability):

I scroll down and see all the systems that I can remediate.

Click remediate:

I’m going to deselect one server, but continue with the rest:

Select “Execute Now”:

Select some notifications, then hit execute now.

Isn’t that easy?
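The dashboard steps above come down to a filter on the CVE, an age calculation per host and a remediation target list. The sketch below is an added example, not BMC's code or part of the original post, and runs the same triage over a constructed scan export; the CSV columns, host names and the 14-day SLA for critical findings are assumptions.

```python
import csv
import io
from datetime import date

# Constructed scan export: hosts, dates and column names are illustrative.
SCAN_CSV = """host,cve,severity,first_detected
app01,CVE-2017-0144,critical,2017-04-21
app02,CVE-2017-0144,critical,2017-05-02
DB01,cve-2017-0144,critical,2017-05-10
db01,CVE-2017-0144,critical,2017-04-28
web01,CVE-2017-0143,critical,2017-04-21
file01,CVE-2017-0144,critical,2017-05-12
"""

# Assumed remediation SLA in days per severity (the post gives no figure).
SLA_DAYS = {"critical": 14, "high": 30, "medium": 90}

def earliest_detections(scan_csv, cve):
    """Map host -> (earliest first_detected, severity) for one CVE."""
    found = {}
    for row in csv.DictReader(io.StringIO(scan_csv)):
        if row["cve"].strip().upper() != cve.upper():
            continue
        host = row["host"].strip().lower()  # scanners disagree on case
        seen = date.fromisoformat(row["first_detected"].strip())
        # A host re-detected by a later scan keeps its oldest date.
        if host not in found or seen < found[host][0]:
            found[host] = (seen, row["severity"].strip().lower())
    return found

def triage(scan_csv, cve, today, deselected=()):
    """Summarise exposure to one CVE and build the remediation target list."""
    skip = {h.lower() for h in deselected}
    ages, breached = {}, []
    for host, (seen, severity) in earliest_detections(scan_csv, cve).items():
        ages[host] = (today - seen).days
        limit = SLA_DAYS.get(severity)
        if limit is not None and ages[host] > limit:
            breached.append(host)
    by_age = sorted(ages, key=lambda h: (-ages[h], h))  # oldest first
    return {
        "affected": by_age,
        "oldest_days": max(ages.values(), default=0),
        "sla_breached": sorted(breached),
        "targets": [h for h in by_age if h not in skip],
        "deferred": sorted(h for h in skip if h in ages),
    }

if __name__ == "__main__":
    print(triage(SCAN_CSV, "CVE-2017-0144", date(2017, 5, 13), ["app02"]))
```

Deselected hosts come back under "deferred" so they remain visible for follow-up rather than silently dropping out of the report.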

This post originally appeared on BMC Communities: https://communities.bmc.com/community/bmcdn/secops-response-service/blog/2017/05/13/wannacry-cve-2017-0144-ms17-010-on-secops-response

These postings are my own and do not necessarily represent BMC's position, strategies, or opinion.

Sean Berry

Sean Berry is a Solution Evangelist in BMC’s Data Center Automation & Cloud group, responsible for BMC BladeLogic Threat Director and Server Automation. He has more than 15 years of production operations, consulting and automation experience, including everything from e-commerce, insurance and software development. He has passion for the success of his customers, and has done everything from professional services and pre-sales to customer engineering. In his occasional free time, he transports rescue dogs by air and land, and experiments with lasers, molten plastic, and mode 2 computing.