Security & Compliance Blog

How SecOps Response Service Addresses WannaCry Ransomware

by BMC Software, Sean Berry

So, CVE-2017-0144 (https://nvd.nist.gov/vuln/detail/CVE-2017-0144), a vulnerability that was identified about two months ago (published Mar 16, 2017), is now being widely exploited in the wild, most visibly impacting hospitals in the UK’s National Health Service to the point that they’ve had to redirect incoming patients to other facilities.

This vulnerability is addressed by Microsoft Bulletin MS17-010, which is also included in the OS-specific Security Bulletin roll-ups SB17-002, SB17-003, and SB17-004. MS17-010 applies to Server 2003 and Server 2008, while SB17-002 applies to Server 2008 R2, SB17-003 applies to Server 2012 R2, and SB17-004 applies to Server 2012 (thanks to Joe Schuler).

Part of what makes the vulnerability so serious is that it doesn’t require direct action by the user: simply having the vulnerability and being on the same network as an infected host can expose your system to the ransomware.

[Image: Wana Decrypt0r screenshot (source: Wikipedia)]

So, how do we address this using SecOps Response?

I imported my latest scan info, then went over to the Operator Dashboard. Filter by “CVE-2017-0144”, and it shows me exactly which systems have this vulnerability detected, and that the oldest detection is 22 days old (and now in violation of SLA, being a critical vulnerability):

I scroll down and see all the systems that I can remediate.

Click remediate:

I’m going to deselect one server, but continue with the rest:

Select “Execute Now”:

Select some notifications, then hit execute now.

Isn’t that easy?

This post originally appeared on BMC Communities: https://communities.bmc.com/community/bmcdn/secops-response-service/blog/2017/05/13/wannacry-cve-2017-0144-ms17-010-on-secops-response

These postings are my own and do not necessarily represent BMC's position, strategies, or opinion.

About the author

BMC Software

BMC is a global leader in software solutions that help IT transform traditional businesses into digital enterprises for the ultimate competitive advantage. Our Digital Enterprise Management set of IT solutions is designed to make digital business fast, seamless, and optimized. From mainframe to mobile to cloud and beyond, we pair high-speed digital innovation with robust IT industrialization—allowing our customers to provide intuitive user experiences with optimized performance, cost, compliance, and productivity. BMC solutions serve more than 15,000 customers worldwide including 92 of the Forbes Global 100.

About the author

Sean Berry

Sean Berry is a Solution Evangelist in BMC’s Security, Compliance, and Automation group, responsible for BMC’s SecOps Response Service and BladeLogic Server Automation. He has more than 15 years of production operations, consulting and automation experience, including everything from e-commerce, insurance and software development. He has passion for the success of his customers, and has done everything from professional services and pre-sales to customer engineering. In his occasional free time, he transports rescue dogs by air and land, and experiments with lasers, molten plastic, and mode 2 computing.