Microsoft recently released almost 100 patches for its operating systems, and the vulnerabilities disclosed are highly likely to be leveraged in the near future.
Included within Microsoft’s release was CVE-2017-8543, a new critical SMB remote code execution vulnerability. SMB is responsible for file and printer sharing, is required on Windows servers and is included by default in Windows workstations. The vulnerability is therefore wormable: systems can become infected automatically, without requiring user interaction.
There are strong indications that this vulnerability is being actively exploited in the wild and is associated with the recent Shadow Brokers’ disclosures, as stated directly by Microsoft:
“Today, as part of our regular Update Tuesday schedule, we have taken action to provide additional critical security updates to address vulnerabilities that are at heightened risk of exploitation due to past nation-state activity and disclosures.”
MWR has observed an ongoing decrease in the time delta between release and weaponization. As this vulnerability affects all Windows operating systems, MWR fully expects to see a number of campaigns leveraging this vulnerability and strongly recommends prioritized and comprehensive deployment of the patches released with this advisory.
Detailed information on the security advisory is available here. Microsoft has released patches for supported operating systems and has once again taken the decision to patch unsupported operating systems.