This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our private policy>

Security Advisory - 'WannaCry ransomware' Vulnerabilities in Microsoft Windows Systems

  • SA No:huawei-sa-20170513-01-windows
  • Initial Release Date: 2017-05-13
  • Last Release Date: 2017-05-23

Huawei noticed that the WannaCry ransomware targeting at Windows exploits multiple vulnerabilities in Windows Server Message Block v1 (SMBv1).

These vulnerabilities were disclosed by Microsoft in Microsoft security bulletin MS17-010 on March 14. Successful exploit of these vulnerabilities could allow an attacker to remotely execute arbitrary code on affected computers. (Vulnerability ID: HWPSIRT-2017-05052,HWPSIRT-2017-05053,HWPSIRT-2017-05054,HWPSIRT-2017-05055 and HWPSIRT-2017-05056)

The five vulnerabilities have been assigned five Common Vulnerabilities and Exposures (CVE) IDs: CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146 and CVE-2017-0148.

Huawei has released solutions to fix all these vulnerabilities. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170513-01-windows-en

1, For the following products, follow the Microsoft security bulletin to install the patch for MS17-010 or refer to section "Temporary Fix" to mitigate risks.

The Microsoft security bulletin MS17-010 is available at: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

Microsoft also released security updates for Windows XP、Windows 8 and Windows Server 2003, Microsoft bulletin is available at:https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/


●AnyOffice

●eSpace ECS

●RH2288A V2

●BH620 V2

●FusionAccess

●RH2288E V2

●BH621 V2

●Hertz-W09

●RH2288H V2

●BH622 V2

●Hertz-W19

●RH2485 V2

●BH640 V2

●Hertz-W29

●RH2488 V2

●Bigdata Appliance

●Huawei solutions for SAP HANA

●RH5885 V2

●CH121

●iNIC

●RH5885 V3

●CH140

●L2800

●SMC2.0

●CH220

●N2000 Appliance

●SMSC

●CH221

●RH1288 V2

●TSM

●CH222

●RH1288A V2

●UC Audio Recorder

●CH240

●RH2265 V2

●UMA

●CH242

●RH2268 V2

●ViewPoint GK

●CH242 V3

●RH2285

●ViewPoint MM

●E6000

●RH2285 V2

●ViewPoint RM

●E6000 Chassis

●RH2285H V2

●X6000

●eLog

●RH2288 V2

●X8000

●ES3000



2, For the following products, install the patch or refer to section "Temporary Fix".


Product Name

Affected Version

Resolved Product and Version

OceanStor 18500/18800/18800F

V100R001

OceanStor18500_18800_18800F V100R001 SVPWindowsPatch201701

OceanStor 18500 V3/18800 V3

V300R003C00

OceanStor18500_18800 V300R003 SVPWindowsPatch201701

V300R003C10

V300R003C20


An attacker is possible to execute arbitrary code on vulnerable computers remotely by exploiting these vulnerabilities.

The vulnerability classification has been performed by using the CVSSv3 scoring system (http://www.first.org/cvss/specification-document).
HWPSIRT-2017-05052: 
Base Score: 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) 
Temporal Score: 7.7 (E:F/RL:W/RC:C) 
HWPSIRT-2017-05053: 
Base Score: 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) 
Temporal Score: 7.7 (E:F/RL:W/RC:C) 
HWPSIRT-2017-05054: 
Base Score: 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) 
Temporal Score: 7.7 (E:F/RL:W/RC:C) 
HWPSIRT-2017-05055: 
Base Score: 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) 
Temporal Score: 7.7 (E:F/RL:W/RC:C) 
HWPSIRT-2017-05056: 
Base Score: 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) 
Temporal Score: 7.7 (E:F/RL:W/RC:C)

HWPSIRT-2017-05052,HWPSIRT-2017-05053,HWPSIRT-2017-05054,HWPSIRT-2017-05055 and HWPSIRT-2017-05056:
This vulnerability can be exploited only when the following conditions are present:
An attacker can access the vulnerable devices by network.
Vulnerability details:
The Server Message Block (SMBv1) in multiple Microsoft Windows operation systems exist multiple remote code execution vulnerabilities. An attacker is possible to execute arbitrary code on vulnerable computers remotely by exploiting these vulnerabilities.

1.Huawei has now updated the latest signature (IPS_H20011000_2017051304), which is suitable for Huawei's NGFW (next-generation firewall) with IPS functionality and data center firewall products. Upgrading the IPS signature can detect and defend against MS17-010 vulnerability exploit (EternalBlue code attack) initiated from Attacker.

2.Disable SMBv1, please setup your system by referencing the part "Workarounds" of Microsoft security bulletin MS17-010 (https://technet.microsoft.com/en-us/library/security/ms17-010.aspx).

3.Startup firewall on devices, and close the TCP 445 port.

4.Upgrade the rules library of the firewall. Symantec and McAfee has released rules library to deal with these vulnerabilities. 

Symantec: https://www.symantec.com/connect/blogs/what-you-need-know-about-wannacry-ransomware
McAfee: https://kc.mcafee.com/corporate/index?page=content&id=KB89335


Customers should contact Huawei TAC (Huawei Technical Assistance Center) to request the upgrades. For TAC contact information, please refer to Huawei worldwide website at http://www.huawei.com/en/psirt/report-vulnerabilities.

This vulnerability was disclosed by Microsoft.

2017-05-23 V1.6 UPDATED Updated the "Software Versions and Fixes" section

2017-05-19 V1.5 UPDATED Updated the "Software Versions and Fixes" section

2017-05-18 V1.4 UPDATED Updated the "Software Versions and Fixes" section

2017-05-16 V1.3 UPDATED Updated the "Software Versions and Fixes" section

2017-05-15 V1.2 UPDATED Updated the "Software Versions and Fixes" section

2017-05-14 V1.1 UPDATED Updated the "Software Versions and Fixes" section

2017-05-13 V1.0 INITIAL

Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.

To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.

To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.

This document is provided on an "AS IS" basis and does not imply any kind of guarantee or warranty, either express or implied, including the warranties of merchantability or fitness for a particular purpose. In no event shall Huawei or any of its directly or indirectly controlled subsidiaries or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Your use of the document, by whatsoever means, will be totally at your own risk. Huawei is entitled to amend or update this document from time to time.