Alert icon

Your PC is vulnerable to the "WannaCry / DoublePulsar" attack!

Your PC is vulnerable to the infamous "WannaCry" ransomware worm which uses an attack known as "DoublePulsar".

Description


Your PC is vulnerable to the infamous "WannaCry" ransomware worm which uses an attack known as "DoublePulsar". The affected PC is running an old version of Windows File and Printer Sharing which contains a serious bug. Attackers can infect your PC over the network without your knowledge and install malware remotely. This is what enabled the WannaCry (WanaCrypt0r) ransomware to infect thousands of computers worldwide on May 12th, 2017.

Follow the instructions in Solution to solve this issue and prevent WannaCry and further threats of this nature from infecting your PC.

Solution


To solve this problem, immediately install the MS17-010 security update on the affected system. Select your Windows version to view further instructions on how to fix the problem:

Windows 10

Windows 8 / 8.1

Windows 7

Windows Vista

Windows XP

Details

We have identified the following problem with a PC in your network:

EternalBlue vulnerablity in Microsoft Windows File and Printer Sharing service


Severity: High

Reference: MS17-010 | CVE-2017-0143

Description:
The affected PC is running an outdated version of the Windows File and Printer Sharing service (SMB), which contains a vulnerability known as EternalBlue, designated CVE-2017-0143. Microsoft released a fix for this vulnerability for Windows 10, Windows 8.1, Windows 7, and Windows Vista in security bulletin MS17-010, issued in March 2017, and for Windows 8 and Windows XP in May 2017. However, many systems, including the one your network scan has found, remained unpatched at the time of the attack.

Impact:
The vulnerability allows for remote code execution over the network. This means that if file sharing is on and TCP port 445 is not blocked by a firewall, a malicious actor can use the "DoublePulsar" exploit code, which leaked from the NSA in April 2017, to remotely gain control over the PC and potentially install malware. This happened on a large scale on May 12, 2017, when the WannaCry (WanaCrypt0r) ransomware worm abused the vulnerability and exploit to infect thousands of computers worldwide. You can find more information about the ransomware attack on our blog:

»  Ransomware that infected Telefonica and NHS hospitals is spreading aggressively, with over 50,000 attacks so far, today

In technical details, the vulnerability affects unpatched implementations of the first version of the SMB protocol (commonly known as SMBv1). SMBv2 and newer, which are available from Windows 7 onwards, are not affected. However, even newer systems still have SMBv1 support and should be immediately patched or at least have SMBv1 disabled. All Microsoft Windows versions from Windows XP to Windows 10 Anniversary Update are potentially affected. Other operating systems running different implementations of the SMB protocol (such as Samba on Linux) are not vulnerable to this attack.

Recommendation:
Apply the MS17-010 security update that addresses the issue.

Both Avast Premier and Avast Internet Security include a built-in Firewall; using these versions of Avast and setting the Firewall profile to Public will prevent infections over the network.

Avast Wi-Fi Inspector supported alerts:



1988-2018 Copyright AVAST Software s.r.o.