Tag / SMBv1

A couple of days ago, I published a free tool to scan your Active Directory for all Windows based Systems and report if the EternalBlue (WannaCry) related Hotfixes are installed.   Today, I published a new and extended version of the tool: The scan is much more accurate and it also reports the EternalBlue (WannaCry) related […]

Read More

A few days ago, I published an article about a script that could scan all systems within an Active Directy for missing WannaCry-related Microsoft Patches (Hotfixes). I was impressed by the traffic and the feedback! To be honest: When I started the script, it was just a kind of a quick hack! Based upon several […]

Read More

WannaCrypt ransomware appeared on May 12, 2017 and distributes itself like a typical worm. It uses well known, and already patched vulnerabilities in the SMBv1 implementation of Windows based systems. The Exploit that the WannaCrypt ransomware is known as “EternalBlue” vulnerability (CVE-2017-0145). It sends a special package (or packages) to the target systems SMBv1 server. […]

Read More

Many think it is safe now, because someone found a kill-switch. That is wrong, totally wrong! The WannaCry wave is not over. some even talk about a newer version that seems to have another password an doesn’t use the known kill-switch. But it looks like these derivates are using the same way (SMBv1 Vulnerability) to redistribute […]

Read More

I recently published an article and a gist howto disable SMBv1 with PowerShell and DSC. Now some asked if there is an easy way to do that and to avoid the DSC usage.

Read More