Holes left unpatched


Thursday, July 20, 2017

Today we’re offering you a short issue about why vulnerabilities can be so persistent. Let's take the June ransomware outbreak as an example.

After the upheaval caused by Trojan.Encoder.11432 (WannaCry), it might appear as if only people living in a bubble haven’t heard about the SMB v1 vulnerability, and that by now it must have been patched or the protocol must have been disabled. However, Trojan.EternalRocks.1 and Trojan.Encoder.11536 (UIWIX) ravaged computers right after the WannaCry outbreak. That was despite the fact that the vulnerabilities should have been closed. How could this happen?

Let's assume we are reluctant to update our software and want to disable obsolete services.

Once SMBv1 was disabled, our Kyocera printers stopped uploading scanned images into a share.

And our Visual FoxPro database, which serves 1,000+ users and operates over SMB 2.0+, is corrupting files for some reason despite all of our efforts, which include disabling oplock. So no, we didn't disable it.

https://habrahabr.ru/company/pc-administrator/blog/331906

Every system administrator has had to use some tricks. And a company’s management is unlikely to allocate additional funds to replace still-working equipment merely because it uses an obsolete protocol.

As a result, old things remain in use. A ragged coat can still serve its master!

#vulnerability #exploit #Trojan.Encoder #encryption_ransomware #corporate_security #security_updates

The Anti-virus Times recommends

Alas, reservations that system administrators have about updates are not unsubstantiated. Sometimes updates carry risks.

Some remote server connection programs, such as Steam, Bluestacks, Nox, and game servers, no longer work. But the browser works just fine.

It will be difficult for home users to avoid situations like this, but corporate customers can test updates before they are applied in their networks. Dr.Web Enterprise Security Suite has this feature too.

#drweb
