Shulou(Shulou.com)06/01 Report--

Recently, some information security teams in China have issued security alerts one after another, saying that the domestic ransomware epidemic is very serious, governments, enterprises and individual users are among the most vulnerable, and system vulnerabilities are the main entry point of ransomware. Old friends science and technology here remind the majority of computer users, for key system vulnerabilities must be patched in time, and do relevant inspections. This article describes how to handle two high-risk system vulnerabilities.

1. Eternalblue ransomware vulnerability

Eternal Blue refers to a worm malicious code that has been spreading worldwide since May 12, 2017 based on the Windows network sharing protocol. The criminals initiated the network *** event by modifying the "Eternal Blue"** program in the previously leaked NSA** arsenal. In Britain, Russia, Europe and China, many university intranet, large enterprise intranet and government agency private network were recruited and extorted to pay high ransom to decrypt and recover documents.

Eternal Blue (Eternalblue) vulnerability case The server of a listed company in Fujian was ransomized by Ransom/Bunnyde***, causing the ERP (financial system) database at the core of the enterprise to be encrypted. The computer of a personal website operator was infected with ransomware, causing most of the data on its website to be encrypted. It was forced to temporarily shut down the website. When a university student's computer was connected to the school network, it was infected by ransomware that entered through a loophole in the campus network host system. All files, including thesis, are encrypted. Solution to Eternalblue vulnerability.

Microsoft has released MS17-010 patch on March 14, 2017, fixing the "Eternal Blue"*** system vulnerability

Method 1: Manual Repair

Download and install Windows security update KB4012212(security update only) or KB4012215(monthly summary)(Windows 7 and Windows Server 2008 R2 systems only) After patching, you can check system immunity using the free tool NetFrog Desktop Mini programs from Old Friends Technology

Method 2: Install the NSA immunity tool in 360 Security Guard.

Installation method: click "function book"->"data security"->"NSA immunity tool"-> click "add" button.

2. Background of CPU high-risk vulnerability 2018.1.3 Foreign security researchers publicly disclose Meltdown and Spectre CPU vulnerabilities. 2018.1.3 Microsoft releases security update patch for CPU vulnerability KB40568972018.2.13 Microsoft releases February security patch containing CPU vulnerability repair KB4074587 Microsoft January and February 2018 Windows 7 x64 and Windows Server 2008 R2 security patches found to have serious vulnerabilities (Total Meltdown), the patch incorrectly sets PML4 permissions to user level, causing arbitrary user mode processes to read and write arbitrarily to the system kernel. Meltdown: Unauthorized Malicious Data Cache Loading (CVE-2017-5754) Spectre: Bypass of Boundary Checking (CVE-2017-5753) and Branch Target Injection (CVE-201-5715) TotalMeltdown: Foreign security researchers found a fatal error in Microsoft's January and February 2018 Windows 7 x64 and Windows Server 2008 R2 security updates, where Microsoft developers mistakenly set kernel-only PML4 (Page Map Level 4) page tables to user-accessible, allowing arbitrary processes to read and write arbitrary CPU to the kernel. Cloud computing servers: Access to memory data of other tenants through vulnerabilities, leading to sensitive information from other cloud tenants. Personal computer/smart phone/smart terminal device: visit malicious website through browser, resulting in leakage of victim's account, password, email, cookie and other information. *** The vulnerability allows arbitrary reads and writes to the system kernel to fully control the victim machine CPU vulnerability solution

Method 1: Manual Repair

Download and install Windows Update KB4093108(security update only) or KB4093118(monthly summary)(Windows 7 and Windows Server 2008 R2 systems only) After patching, you can check your system immunity using the free tool NetFrog Desktop Mini programs from Old Friends Technology

Method 2: Install Total Meltdown Vulnerability Detection Tools

Download Rift Tools Download Address

Related Products NetFrog Desktop Mini programs

To view the original article, please visit Fujian Old Friends official website security tips: ransomware vulnerabilities and CPU vulnerabilities must be careful

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.