Vulns from Shadow Brokers

Discussion created by adamc on Apr 19, 2017
Latest reply on Jun 7, 2017 by adamc

QID -   TITLE

 

87284 - Microsoft Internet Information Services 6.0 Buffer Overflow Vulnerability - Shadow Brokers (EXPLODINGCAN) Zero Day

   ISSUE:  this only detects for IIS, not if the vulnerable service is running. Will result in false positives.

 

91345 - Microsoft SMB Server Remote Code Execution Vulnerability (MS17-010) and Shadow Brokers

   COMMENT: this one actually tells you what the detection mechanism is and what to resolve.

           KB4012212 or KB4012215 is not installed
           %windir%\System32\drivers\srv.sys Version is 6.1.7601.23517

 

91357 - Microsoft Windows SMBv1 Remote Code Execution - Shadow Brokers (ETERNALCHAMPION) - Zero Day MS17-010

   ISSUE:  the results section only contains "Microsoft Windows SMBv1 Remote Code Execution - Shadow Brokers (ETERNALCHAMPION, ETERNALSYSTEM) - Zero Day". This is useless to take action on. What is the detection mechanism?

 

91359 - Microsoft Windows Remote Privilege Escalation - Shadow Brokers (ETERNALROMANCE) - Zero Day MS17-010

   ISSUE:  the results only contain "Microsoft Windows Remote Privilege Escalation - Shadow Brokers (ETERNALROMANCE) - Zero Day".  This is useless to take action on. What is the detection mechanism?

 

91360 - Microsoft Windows SMBv1 and NBT Remote Code Execution - Shadow Brokers (ETERNALBLUE) - Zero Day

   ISSUE:  the results only contain "Microsoft Windows SMBv1 and NBT Remote Code Execution - Shadow Brokers (ETERNALBLUE) - Zero Day".  This is useless to take action on. What is the detection mechanism?

 

91361 - Microsoft Windows SMBv3 Remote Code Execution - Shadow Brokers (ETERNALSYNERGY) - Zero Day

   ISSUE:  the results only contain "Microsoft Windows SMBv3 Remote Code Execution - Shadow Brokers (ETERNALSYNERGY) - Zero Day". This is useless to take action on. What is the detection mechanism?
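
Added example, not part of the original post and not the scanner's own detection logic: a host-side PowerShell check that gathers the same two pieces of evidence the QID 91345 result reports (the listed KBs and the srv.sys file version), so a finding can be confirmed or ruled out locally. The function name, the verdict strings and the optional `-MinimumFixedVersion` parameter are assumptions; the fixed driver version is not given on the page and must come from the vendor bulletin, and a later rollup that supersedes the listed KBs will show them as missing on a patched host.

```powershell
# Added example. KB IDs and the driver path come from the QID 91345 result quoted
# in the post; everything else (names, verdict strings) is hypothetical.
function Get-MS17010Evidence {
    [CmdletBinding()]
    param(
        [string[]]$KbIds = @('KB4012212', 'KB4012215'),
        [string]$DriverPath = (Join-Path $env:windir 'System32\drivers\srv.sys'),
        # Assumption: caller supplies the patched srv.sys version for this OS build.
        [version]$MinimumFixedVersion
    )

    # Get-HotFix raises an error for IDs that are absent, so suppress and collect.
    $installed = @(Get-HotFix -Id $KbIds -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty HotFixID)

    $fileVersion = $null
    if (Test-Path -LiteralPath $DriverPath) {
        $vi = (Get-Item -LiteralPath $DriverPath).VersionInfo
        # Build from numeric parts; the FileVersion string can carry a branch suffix.
        $fileVersion = New-Object System.Version(
            $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
    }

    # A missing KB alone is not conclusive: superseding rollups replace it.
    $verdict = if ($installed.Count -gt 0) {
        'ListedKbInstalled'
    } elseif ($MinimumFixedVersion -and $fileVersion) {
        if ($fileVersion -ge $MinimumFixedVersion) { 'DriverAtOrAboveFixedVersion' }
        else { 'DriverBelowFixedVersion' }
    } else {
        'ListedKbMissing-CompareDriverVersion'
    }

    New-Object PSObject -Property @{
        ComputerName  = $env:COMPUTERNAME
        InstalledKbs  = $installed
        MissingKbs    = @($KbIds | Where-Object { $installed -notcontains $_ })
        DriverPath    = $DriverPath
        DriverVersion = $fileVersion
        Verdict       = $verdict
    }
}

Get-MS17010Evidence | Format-List
```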
