Exploit Details:
On Friday, a group calling themselves “Shadow Brokers” published hacking tools on the internet that they claim were stolen from the NSA. The software contains tools to easily compromise unpatched Windows machines and so we are sending you this alert in order to make sure you are secure.
If you are running Windows 2008 or Windows 2012 then please make sure your VM is up to date with Windows Updates as of the March update cycle. This is extremely important.
If your Windows OS is not up to date as of last month then you are at high risk of compromise or denial of service – please install Windows updates immediately.
If you are still running Windows 2003 and have IIS running then upgrade your operating system (OS) immediately. Your OS is insecure and we do not believe Microsoft intends to publish a security update. CNS techs will help you upgrade your OS – please do not hesitate to ask. If you are running Windows 2003 without IIS then your OS is still believed to be secure at this time, but we strongly recommend an upgrade is completed as soon as possible. It is likely to become insecure at some point in the future.
The code to execute these exploits is now in the wild and it is only a matter of time before attacks begin, if they have not already.
If you are unable to install updates and reboot your 2008 or 2012 OS, open a PowerShell window and enter the following command to disable SMB v1: (No way to patch 2003)
Windows 2008: Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force
Windows 2012: Set-SmbServerConfiguration -EnableSMB1Protocol $false
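To confirm the setting afterwards, the following added example (not part of the original CNS alert) reports whether the SMB v1 server is still enabled, using the same cmdlet and registry value as the commands above. The function name Get-Smb1ServerState and its output field names are assumptions of this example.

```powershell
# Added example: report whether the SMBv1 server is still enabled on this host.
# Get-Smb1ServerState and its output fields are hypothetical names for this example.
function Get-Smb1ServerState {
    $key     = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $enabled = $null
    $source  = $null

    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        # Windows 2012 and later: ask the SMB server for its configuration.
        $enabled = [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
        $source  = 'Get-SmbServerConfiguration'
    } else {
        # Windows 2008: read the registry value that Set-ItemProperty writes.
        $prop = Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue
        if ($null -eq $prop) {
            # No SMB1 value present means the default applies: SMBv1 enabled.
            $enabled = $true
            $source  = 'registry (SMB1 value absent, default applies)'
        } else {
            $enabled = ($prop.SMB1 -ne 0)
            $source  = 'registry (SMB1 value)'
        }
    }

    # Most recent update with a recorded install date, for comparison
    # against the March update cycle mentioned in the alert.
    $latest = Get-HotFix | Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending | Select-Object -First 1

    New-Object PSObject -Property @{
        Computer       = $env:COMPUTERNAME
        Smb1Enabled    = $enabled
        Source         = $source
        LatestUpdateId = $latest.HotFixID
        LatestUpdateOn = $latest.InstalledOn
    }
}

$state = Get-Smb1ServerState
$state | Format-List Computer, Smb1Enabled, Source, LatestUpdateId, LatestUpdateOn
if ($state.Smb1Enabled) {
    Write-Warning 'SMBv1 server is still enabled on this host.'
}
```

On Windows 2008 the script reads the stored registry value; Microsoft's documentation for this registry setting states that a restart is required before the change takes effect.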
What CNS is doing to protect you:
CNS is currently blocking the TCP ports required to trigger these attacks at the network edge. However, it is unlikely that we will be able to maintain this block into the work week because it will impact subscribers who use these same ports for legitimate means. Please use this window of opportunity to update your Windows server as soon as possible.
We are also sending you this alert so that you can make sure you are protected before attacks begin. Please do not hesitate to contact CNS Support for assistance. We cannot install this update for you automatically because a reboot is required. However, please feel free to request we install updates via support ticket and don't forget to acknowledge a reboot is ok.
Keeping your VM up to date is the best way to keep it safe from exploits.
More information:
Ars Technica
Microsoft
Getting Help
Thank you for choosing Commercial Network Services. Please let us know if you have any questions or concerns. We are always here to help you. We maintain a ticketing system in order to effectively address and track your support issues. Please log in to your Client Area and click "Help Desk" near the top, then click "Submit a Ticket" to send a new support request to our technicians.
You can also reach our helpdesk by telephone. Call any number.
San Diego, CA: +1 (619) 225-7882 / Los Angeles, CA: +1 (213) 769-1787 / New York, NY: +1 (646) 930-7435 / London, UK: +44 (2037) 460080