details

As the WannaCry ransomware (MS17-010) has spread globally in the last 24 hours and severely impacted the National Health System and locked hospital workers out of critical healthcare patient data,  Brad Hegrat, IOActive’s Director of Advisory Services, explains the impact of WannaCry on industrial control systems (ICS).

A few weeks ago back in mid-March (2017), Microsoft issued a security bulletin (MS17-010) and patch for a vulnerability that was yet to be publicly disclosed or referenced.  According to the bulletin, “the most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server. This security update is rated Critical for all supported releases of Microsoft Windows.”  https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

Normally, when Microsoft issues a patch or security there is an acknowledgement on their website regarding the disclosure. Below is the website and it is an interesting process at this point to make a visit – https://technet.microsoft.com/en-us/library/security/mt745121.aspx

The impact of WannaCry on industrial control systems (ICS)