Petya Ransomware Attack: What Should Companies Be Doing Right Now?

Several critical vulnerabilities with known exploits or proof-of-concept code should be the focus of everyone’s attention. The SMB vulnerabilities targeted by EternalBlue and its sibling exploits, resolved in Microsoft’s March Patch Tuesday update, are just the start. Reportedly these are the same vulnerabilities the latest Petya variant uses. And we shouldn’t rely on a kill switch to save the day.

In addition, two more updates for known vulnerabilities, released on June Patch Tuesday, warrant attention.

CVE-2017-8543 – A vulnerability in Windows Search could allow an attacker to take complete control of the system. It could also be exploited over the network without authentication through SMB. It was flagged as “Exploited” when Microsoft released the update on June Patch Tuesday.

CVE-2017-8464 – A vulnerability in Microsoft Windows could allow remote code execution if an LNK file is processed. An attacker could craft a shortcut icon that, when processed, runs code with the same rights as the local user. It’s a perfect USB drop scenario.

