Ransomeware : Petya follows wannacry

Hi Folks,

There is a new ransomeware out in the wild, named 'Petya'. It seems to be exploiting MS office and SMBv1 vulnerabilities.

Here are the vulnerability details

MS office handling of RTF documents.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0199

MS File sharing SMBv1 vulnerability.
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

Fix availability

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199

https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

The above is also a fix for 'wannacry ransomeware' which is discussed in detail in the below URL

https://forums.manageengine.com/topic/wannacrypt-ransomware-worm-targets-out-of-date-systems-%e2%80%93-day-one-support-from-desktop-central

How to deploy these patches?

You can detect the patches are missing by following these steps:

Click Patch Mgmt >> Choose All Patches >> Choose Applicable Patches(Detailed View) >> Search KB^* ( given below ) in the Patch Description box >> You can identify the computers that are missing the critical patches or already have the patches installed on them.

KB^*
MS17-APR1 - KB4015549, KB4015551 - Superseded by May month release (MS17-MAY6)
MS17-APR3 - KB3141529,KB3141538,KB3178710,KB3178703 - Superseded by May month release ( MS17-MAY3)
MS17-APR7 - 4015546,4014793,4015548

Regards,

-----

R Romanus Prabhu

Technical Account Manager

Desktop and Mobile Device Management Solution

Direct Support : +1 408 916 9886

Toll Free: +1 888 720 9500 (US) | 0800 028 6590 (UK) | +1 800 631 268 (AUS)