https://community.checkpoint.com/t5/Endpoint/EternalBlue-1000s-of-machines-still-vulnerable/m-p/4204#M3767 <HTML><HEAD></HEAD><BODY><P>Hi <A href="https://community.checkpoint.com/migrated-users/2100">https://community.checkpoint.com/people/kvars7afe82cf-43ef-4b52-9446-6ac8ba07ce69</A>‌ do you think we can do a serious of these explainations for all of the elements in EternalRocks?</P></BODY></HTML> Tue, 25 Jul 2017 10:14:51 GMT Evan_Dumas 2017-07-25T10:14:51Z https://community.checkpoint.com/t5/Endpoint/EternalBlue-1000s-of-machines-still-vulnerable/m-p/4203#M3766 <HTML><HEAD></HEAD><BODY><P>EternalBlue is the a software vulnerability in Microsoft's Windows operating system. It is&nbsp;"Windows SMB Remote Code Execution Vulnerability", and&nbsp;described in CVE-2017-144. The vulnerability exploits Microsoft server message block 1.0 (SMBv1) - a network file sharing protocol. It&nbsp;allows remote attackers to execute arbitrary code via crafted packets, as this vulnerable protocol allows applications on the windows system to read and write to files and request various services that are on same network. This vulnerability become even more lethal with its expose over internet through TCP port 445 - a security research found over a million devices exposing SMB over TCP 445, thus can be attacked from anywhere in the Internet. &nbsp;</P><P>Microsoft issued a critical security bulletin <A href="https://technet.microsoft.com/en-us/library/security/ms17-010.aspx">MS17-010</A> on 14-March-2017, which included patch for EternalBlue and other SMB related CVEs. Even though this security patch for windows was made available long before&nbsp;<A href="http://blog.checkpoint.com/2017/05/16/crying-futile-sandblast-forensic-analysis-wannacry/">WannCry</A>&nbsp;and&nbsp;<A href="http://blog.checkpoint.com/2017/07/03/brokers-shadows-part-2-analyzing-petyas-doublepulsarv2-0-backdoor/">Petya</A>&nbsp;ransomware, but many systems around the world remained unpatched; and hence fallen victim to these ransomware. Even&nbsp;after these security incidents followed by awareness drive,&nbsp;1000s of machines still vulnerable to SMBv1 exposure. For large organizations with tens of thousands of hosts, it is extremely difficult to find vulnerable hosts - these are the blind spots in a business network. Security admins must continue to&nbsp;regularly scan for EternalBlue vulnerabilities,&nbsp;disable the SMBv1 protocol, and apply latest patches. But&nbsp;there maybe many more unknown vulnerabilities in this or other protocol - &nbsp;the zero-days.&nbsp;</P><P>Check Point SandBlast Zero-Day protection family of products protects organization against such zero-day attacks at network gateway, on the endpoint, and in the cloud. Learn more at&nbsp;<A href="https://www.checkpoint.com/products-solutions/zero-day-protection/" title="https://www.checkpoint.com/products-solutions/zero-day-protection/">SandBlast Zero-Day Protection | Check Point Software</A>&nbsp;&nbsp;</P><P style="color: #000000; margin: 0.8em 0px;"><SPAN style="background-color: #ffffff; color: #413f41; font-size: 14.0832px;"><A href="https://community.checkpoint.com/migrated-users/43544">Jony Fischbein</A>‌&nbsp;</SPAN></P></BODY></HTML> Sat, 15 Jul 2017 21:28:11 GMT https://community.checkpoint.com/t5/Endpoint/EternalBlue-1000s-of-machines-still-vulnerable/m-p/4203#M3766 Kaushal_Varshne 2017-07-15T21:28:11Z https://community.checkpoint.com/t5/Endpoint/EternalBlue-1000s-of-machines-still-vulnerable/m-p/4204#M3767 <HTML><HEAD></HEAD><BODY><P>Hi <A href="https://community.checkpoint.com/migrated-users/2100">https://community.checkpoint.com/people/kvars7afe82cf-43ef-4b52-9446-6ac8ba07ce69</A>‌ do you think we can do a serious of these explainations for all of the elements in EternalRocks?</P></BODY></HTML> Tue, 25 Jul 2017 10:14:51 GMT https://community.checkpoint.com/t5/Endpoint/EternalBlue-1000s-of-machines-still-vulnerable/m-p/4204#M3767 Evan_Dumas 2017-07-25T10:14:51Z https://community.checkpoint.com/t5/Endpoint/EternalBlue-1000s-of-machines-still-vulnerable/m-p/4205#M3768 <HTML><HEAD></HEAD><BODY><P>Hi <A href="https://community.checkpoint.com/migrated-users/44203">https://community.checkpoint.com/people/eduma846337c8-57d0-40ab-aea0-4aa6da5cf474</A>‌, Yes we can and should do a series of technical explanation of key cyber security incidents. Let me know if you have any such incident in mind.</P></BODY></HTML> Tue, 25 Jul 2017 21:28:34 GMT https://community.checkpoint.com/t5/Endpoint/EternalBlue-1000s-of-machines-still-vulnerable/m-p/4205#M3768 Kaushal_Varshne 2017-07-25T21:28:34Z https://community.checkpoint.com/t5/Endpoint/EternalBlue-1000s-of-machines-still-vulnerable/m-p/4206#M3769 <HTML><HEAD></HEAD><BODY><P>EternalRocks has 7 components. 1 used in wannacry, one in not petya. Would love to see explaination of each</P><P></P><P></P><P>-Evan</P><P></P><P>Sent securely while mobile</P></BODY></HTML> Wed, 26 Jul 2017 03:59:59 GMT https://community.checkpoint.com/t5/Endpoint/EternalBlue-1000s-of-machines-still-vulnerable/m-p/4206#M3769 Evan_Dumas 2017-07-26T03:59:59Z