Security & Compliance Blog

How SecOps Response Service Addresses WannaCry Ransomware

BMC Software
Sean Berry

So, CVE-2017-0144 (https://nvd.nist.gov/vuln/detail/CVE-2017-0144), a vulnerability that was identified about two months ago (published Mar 16 2017), is now being widely exploited in the wild, most visibly impacting hospitals in the UK’s National Health Service to the point that they’ve had to redirect incoming patients to other facilities.

This vulnerability is addressed by Microsoft Bulletin MS17-010, which is also included in the OS-specific Security Bulletin roll-ups SB17-002, SB17-003, and SB17-004. MS17-010 applies to Server 2003 and Server 2008, while SB17-002 applies to Server 2008 R2, SB17-003 applies to Server 2012 R2, and SB17-004 applies to Server 2012 (thanks to Joe Schuler).

Part of what makes the vulnerability so serious is that it doesn’t require direct action by the user: simply having the vulnerability and being on the same network as an infected host can expose your system to the ransomware.

Figure: Wana Decrypt0r screenshot (source: Wikipedia)

So, how do we address this using SecOps Response?

I imported my latest scan info, then went over to the Operator Dashboard. Filter by “CVE-2017-0144”, and it shows me exactly which systems this vulnerability has been detected on, and that the oldest detection is 22 days old (and now in violation of SLA, being a critical vulnerability):

I scroll down and see all the systems that I can remediate.

Click remediate:

I’m going to deselect one server, but continue with the rest:

Select “Execute Now”:

Select some notifications, then hit “Execute Now”.

Isn’t that easy?

This post originally appeared on BMC Communities: https://communities.bmc.com/community/bmcdn/secops-response-service/blog/2017/05/13/wannacry-cve-2017-0144-ms17-010-on-secops-response


These postings are my own and do not necessarily represent BMC's position, strategies, or opinion.


About the author

BMC Software

BMC delivers software, services, and expertise to help more than 10,000 customers, including 92% of the Forbes Global 100, meet escalating digital demands and maximize IT innovation. From mainframe to mobile to multi-cloud and beyond, our solutions empower enterprises of every size and industry to run and reinvent their businesses with efficiency, security, and momentum for the future.

Sean Berry

Sean Berry is a Solution Evangelist in BMC’s Security, Compliance, and Automation group, responsible for BMC’s SecOps Response Service and BladeLogic Server Automation. He has more than 15 years of production operations, consulting and automation experience, including everything from e-commerce, insurance and software development. He has passion for the success of his customers, and has done everything from professional services and pre-sales to customer engineering. In his occasional free time, he transports rescue dogs by air and land, and experiments with lasers, molten plastic, and mode 2 computing.