Share:|

As you have probably heard in the news, CVE-2017-0144 https://nvd.nist.gov/vuln/detail/CVE-2017-0144, a vulnerability that was identified about two months ago (published Mar 16 2017), is now being widely exploited in the wild, most visibly impacting hospitals in the UK’s National Health Service to the point that they’ve had to redirect incoming patients to other facilities.

 

The good news is that the vulnerability is addressed by Microsoft Bulletin MS17-010 https://technet.microsoft.com/en-us/library/security/ms17-010.aspx and can easily identified and patched using BMC Client Management. 

 

This bulletin is available with the current version of the BCM patch Knowledge base (2.0.2.2417).

kb.JPG

 

This vulnerability is also included in OS-specific Security Bulletin (roll-ups) SB17-002, SB17-003, SB17-004.  MS17-010 applies to Server 2003 and Server 2008, while SB17-002 applies to Server 2008 R2, SB17-003 applies to Server 2012 R2 and SB17-004 applies to Server 2012.

 

To get this bulletin in BCM, you must have applied the BCM hotfix made available in April 2017. More details here:

WannaCry: Important notice for customers using patch management with SQLServer or PostgreSQL databases

 

Once you have verified that you have the latest knowledge base in BCM, then you can use BCM to identify and patch any machines that are missing this critical patch.

Check out this video on how to use BCM to protect your systems from ransomware like WannaCry and other threats:

BCM Protects Against Wannacry and Other Ransomware Attacks