In view of recent events that have highlighted the persistent risk of the threat posed by cyber-attacks (http://www.bbc.co.uk/news/health-39899646) we strongly advised our customers to apply the following security update, released by Microsoft on March 14th this year: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx if not having done so already.
The NHS and other services were attacked last week by malware and ransomware causing significant disruption to services. Due to the fact the NHS primarily use Windows XP meant they were more vulnerable to such attacks and no longer be subject to the support offered by Microsoft.
Microsoft announced the vulnerability in Microsoft Server Message Block 1.0 (SMBv1) server on Monday 15th May. This service (SMB) is utilised to present shares, printers and more on a Microsoft Domain network.
This vulnerability exposed core Active Directory components to Remote Code Execution from unauthenticated attackers. They would be able to execute any code they wished to potentially gain access to the entire network. The patches Microsoft have provided should be installed as a matter of urgency. The released patches target the SMBv1 service and the way it handles the particular requests that can be used to exploit it.
Other ways of protecting against such attacks by being aware of malicious email attachments. If you’re not sure about it, then don’t open it. It’s another way attackers spread ransomware.
Please be assured that Storm Internet continues to take the necessary measures to ensure that our IT environment remains secure, in order that our customers, who depend on the resilience of our infrastructure for continuous service, also remain secure.