Microsoft SMB vulnerabilities patch MS17-010 (Ransomware WannaCry) Impact to TIBCO Products
Article ID: KB0108121
Description
Microsoft SMB Zero Day (WannaCry Ransomware Attack) vulnerabilities impact multiple versions of the Microsoft Windows operating system. Any software deployed on a vulnerable operating system is at risk. Customers are strongly encouraged to assess their exposure to these risks and are responsible for the security of the operating systems they use to run TIBCO software. As part of a comprehensive defense-in-depth strategy, TIBCO encourages all customers to stay current with operating system patches.
Issue/Introduction
Microsoft SMB vulnerabilities patch MS17-010 (Ransomware WannaCry) impact on TIBCO Products.
Resolution
Consider the following remediations.
1. To protect TIBCO products and any other software running on vulnerable systems, Microsoft recommends applying the patch that they have provided:
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
2. If applying a patch is currently not feasible, disabling SMB/CIFS connectivity can prevent a particular attack. This is not recommended except as a short-term workaround, as it will break functionality on the machine. Microsoft describes how to temporarily disable SMB/CIFS functionality at the following link:
https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012
3. Configure network routers to block outbound SMB. Consider blocking outbound SMB connections (TCP ports 139 and 445 along with UDP ports 137 and 138) from the local network to the WAN.
https://www.kb.cert.org/vuls/id/867968
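To check a host against remediations 2 and 3, the following PowerShell audit is an added example, not code from TIBCO or Microsoft. It reports whether the SMBv1 server is still enabled and whether outbound TCP 139/445 actually leaves the network. It assumes `egress-test.example.net` is replaced with a machine you control outside the perimeter that listens on those ports.

```powershell
# Added example (not TIBCO or Microsoft code). Run from an elevated prompt.
# Assumption: $ExternalHost is a placeholder for a machine you control outside
# the perimeter that is listening on TCP 139/445.
param([string]$ExternalHost = 'egress-test.example.net')

function Get-Smb1ServerEnabled {
    # Windows 8 / Server 2012 and later: read the SMB server configuration.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Vista / 7 / Server 2008 / 2008 R2: the SMB1 registry value controls it.
    # An absent value means the default, which is enabled.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue
    if ($null -eq $val) { return $true }
    return ($val.SMB1 -ne 0)
}

function Test-OutboundTcp {
    param([string]$Target, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Target, $Port, $null, $null)
        # True only if the handshake completed within the timeout.
        return ($pending.AsyncWaitHandle.WaitOne($TimeoutMs) -and $client.Connected)
    } catch {
        return $false   # name resolution failure or immediate refusal
    } finally {
        $client.Close()
    }
}

$findings = @()
if (Get-Smb1ServerEnabled) {
    $findings += 'SMBv1 server is enabled (remediation 2 not applied)'
}
foreach ($port in 139, 445) {
    if (Test-OutboundTcp -Target $ExternalHost -Port $port) {
        $findings += "Outbound TCP $port reached $ExternalHost (remediation 3 not effective)"
    }
}
if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

The script does not probe UDP 137 and 138; confirm those in the router rule set itself. A clean result for the TCP ports is only meaningful if the external test host was up and listening when the script ran.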
Disclaimer:
TIBCO provides this information regarding exposure to the known vulnerability in good faith and makes reasonable efforts to supply correct, current, and high quality guidance. However, TIBCO is releasing the results of our findings solely on an "as is" basis without any express or implied warranties, undertakings or guarantees.
Additional Information
https://support.microsoft.com/en-us/help/4013081/title
https://technet.microsoft.com/en-us/library/security/ms17-017.aspx
http://www.kb.cert.org/vuls/id/867968
https://www.us-cert.gov/ncas/current-activity/2017/02/03/CERTCC-Reports-Microsoft-SMB-Vulnerability