Security Advisory - 'WannaCry ransomware' Vulnerabilities in Microsoft Windows Systems
- SA No:huawei-sa-20170513-01-windows
- Initial Release Date: May 13, 2017
- Last Release Date: Jun 24, 2020
Huawei noticed that the WannaCry ransomware targeting at Windows exploits multiple vulnerabilities in Windows Server Message Block v1 (SMBv1).
These vulnerabilities were disclosed by Microsoft in Microsoft security bulletin MS17-010 on March 14. Successful exploit of these vulnerabilities could allow an attacker to remotely execute arbitrary code on affected computers. (Vulnerability ID: HWPSIRT-2017-05052,HWPSIRT-2017-05053,HWPSIRT-2017-05054,HWPSIRT-2017-05055 and HWPSIRT-2017-05056)
The five vulnerabilities have been assigned five Common Vulnerabilities and Exposures (CVE) IDs: CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146 and CVE-2017-0148.
Huawei has released solutions to fix all these vulnerabilities. This advisory is available at the following link:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170513-01-windows-en
For the following products, follow the Microsoft security bulletin to install the patch for MS17-010 or refer to section "Temporary Fix" to mitigate risks.
The Microsoft security bulletin MS17-010 is available at: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
Microsoft also released security updates for Windows XP、Windows 8 and Windows Server 2003, Microsoft bulletin is available at: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
|
●AnyOffice |
●Hertz-W29 |
●RH2288 V2 |
|
●BH620 V2 |
●Huawei solutions for SAP HANA |
●RH2288A V2 |
|
●BH621 V2 |
●iNIC |
●RH2288E V2 |
|
●BH622 V2 |
●L2800 |
●RH2288H V2 |
|
●BH640 V2 |
●N2000 Appliance |
●RH2485 V2 |
|
●Bigdata Appliance |
●OceanStor 18500 |
●RH2488 V2 |
|
●CH121 |
●OceanStor 18500 V3 |
●RH5885 V2 |
|
●CH140 |
●OceanStor 18500F V3 |
●RH5885 V3 |
|
●CH220 |
●OceanStor 18800 |
●Seco VSM |
|
●CH221 |
●OceanStor 18800 V3 |
●Secospace AntiDDoS8000 |
|
●CH222 |
●OceanStor 18800F |
●Secospace AntiDDoS8030 |
|
●CH240 |
●OceanStor 18800F V3 |
●Secospace AntiDDoS8160 |
|
●CH242 |
●OceanStor Backup Software |
●SMC2.0 |
|
●CH242 V3 |
●OceanStor HVS85T |
●SMSC |
|
●E6000 |
●OceanStor HVS88T |
●TSM |
|
●E6000 Chassis |
●RH1288 V2 |
●UC Audio Recorder |
|
●eLog |
●RH1288A V2 |
●UMA |
|
●ES3000 |
●RH2265 V2 |
●ViewPoint GK |
|
●eSpace ECS |
●RH2268 V2 |
●ViewPoint MM |
|
●FusionAccess |
●RH2285 |
●ViewPoint RM |
|
●Hertz-W09 |
●RH2285 V2 |
●X6000 |
|
●Hertz-W19 |
●RH2285H V2 |
●X8000 |
The vulnerability classification has been performed by using the CVSSv3 scoring system (http://www.first.org/cvss/specification-document).
HWPSIRT-2017-05052:
Base Score: 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Temporal Score: 7.7 (E:F/RL:W/RC:C)
HWPSIRT-2017-05053:
Base Score: 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Temporal Score: 7.7 (E:F/RL:W/RC:C)
HWPSIRT-2017-05054:
Base Score: 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Temporal Score: 7.7 (E:F/RL:W/RC:C)
HWPSIRT-2017-05055:
Base Score: 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Temporal Score: 7.7 (E:F/RL:W/RC:C)
HWPSIRT-2017-05056:
Base Score: 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Temporal Score: 7.7 (E:F/RL:W/RC:C)
This vulnerability can be exploited only when the following conditions are present:
An attacker can access the vulnerable devices by network.
Vulnerability details:
The Server Message Block (SMBv1) in multiple Microsoft Windows operation systems exist multiple remote code execution vulnerabilities. An attacker is possible to execute arbitrary code on vulnerable computers remotely by exploiting these vulnerabilities.
1.Huawei has now updated the latest signature (IPS_H20011000_2017051304), which is suitable for Huawei's NGFW (next-generation firewall) with IPS functionality and data center firewall products. Upgrading the IPS signature can detect and defend against MS17-010 vulnerability exploit (EternalBlue code attack) initiated from Attacker.
2.Disable SMBv1, please setup your system by referencing the part "Workarounds" of Microsoft security bulletin MS17-010 (https://technet.microsoft.com/en-us/library/security/ms17-010.aspx).
3.Startup firewall on devices, and close the TCP 445 port.
4.Upgrade the rules library of the firewall. Symantec and McAfee has released rules library to deal with these vulnerabilities.
Symantec: https://www.symantec.com/connect/blogs/what-you-need-know-about-wannacry-ransomware
McAfee: https://kc.mcafee.com/corporate/index?page=content&id=KB89335
Customers should contact Huawei TAC (Huawei Technical Assistance Center) to request the upgrades. For TAC contact information, please refer to Huawei worldwide website at http://www.huawei.com/en/psirt/report-vulnerabilities.
2020-06-24 V1.7 UPDATED Updated the "Software Versions and Fixes" section
2017-05-23 V1.6 UPDATED Updated the "Software Versions and Fixes" section
2017-05-19 V1.5 UPDATED Updated the "Software Versions and Fixes" section
2017-05-18 V1.4 UPDATED Updated the "Software Versions and Fixes" section
2017-05-16 V1.3 UPDATED Updated the "Software Versions and Fixes" section
2017-05-15 V1.2 UPDATED Updated the "Software Versions and Fixes" section
2017-05-14 V1.1 UPDATED Updated the "Software Versions and Fixes" section
2017-05-13 V1.0 INITIAL
None
Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.
To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.
To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.
