We raised the first alarm yesterday afternoon on social media, but it's official now. The first attack kits are out and the attack surface is huge.
Pardon my French, but it's appropriate this time: As of last night, every company that still uses Windows Server 2003 somewhere is 100% fucked. Not just now, but forever. And that's basically every larger enterprise I know. Newer Windows Server versions up to 2012 must consider their internal network breached. The same applies to Windows clients still running Windows 7 or even Windows XP.
Linux servers that still use the SMB1 protocol for network shares might be affected as well.
And that'll be only the tip of the iceberg, it seems. As a very first action, block port 445 in your firewalls, and update your Microsoft infrastructure to the newest available version, and yes, this includes client updates to Windows 10.
As a second step, re-work your entire internal infrastructure, since you are already compromised. This is not about future attacks, it's about the present.
Yes, this means that you might actually have to do something many decision makers have always neglected to do, against good advice from all your suppliers. Those managers and internal IT department leaders are now being taught a lesson for being slow, understaffed and underfunded. Best prepare to adjust your business model as well.
And don't forget your cloud containers and virtual machines.
Further information about this particular issue can be found at Microsoft's TechNet, where a warning was already published half a year ago: Stop Using SMB1
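
One way to carry out the "stop using SMB1" and "block port 445" steps on a single Windows host, as an added example (not code from the original post or from Microsoft). The `-BlockInbound445` switch and the firewall rule name are assumptions made for this sketch; Windows Server 2003 and Windows XP speak only SMB1, so this does not help them.

```powershell
# Added example: audit one Windows host for the SMB1 server, disable it,
# and optionally block inbound TCP 445. Run from an elevated prompt.
param(
    [switch]$BlockInbound445   # assumed switch; only for hosts that serve no file shares
)

$ruleName = 'Block inbound SMB (TCP 445)'   # assumed rule name, pick your own
$regPath  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$hasSmbCmdlets = [bool](Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue)

function Test-Smb1ServerEnabled {
    if ($hasSmbCmdlets) {
        # Windows 8 / Server 2012 and later
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Windows 7 / Server 2008 R2: registry value; absent means enabled
    $p = Get-ItemProperty -Path $regPath -Name SMB1 -ErrorAction SilentlyContinue
    return ($null -eq $p) -or ($p.SMB1 -ne 0)
}

function Disable-Smb1Server {
    if ($hasSmbCmdlets) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        # Needs a reboot to take effect on these older systems
        Set-ItemProperty -Path $regPath -Name SMB1 -Type DWord -Value 0
    }
}

if (Test-Smb1ServerEnabled) {
    Write-Output ('{0}: SMB1 server enabled, disabling' -f $env:COMPUTERNAME)
    Disable-Smb1Server
} else {
    Write-Output ('{0}: SMB1 server already disabled' -f $env:COMPUTERNAME)
}

if ($BlockInbound445) {
    if (-not (Get-Command New-NetFirewallRule -ErrorAction SilentlyContinue)) {
        Write-Warning 'No NetSecurity cmdlets here; block TCP 445 on the network firewall.'
    } elseif (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound `
            -Protocol TCP -LocalPort 445 -Action Block | Out-Null
    }
}
```

Disabling the SMB1 server cuts off any client that can only speak SMB1, so inventory those clients before rolling this out broadly.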