WannaCry vulnerability and MS17-010: Using BCM to patch the vulnerability

BMC Software is alerting users to a serious problem that requires immediate attention in systems that are running Microsoft Windows. If you have any questions about the problem, contact Customer Support.

May 16, 2017

Issue number [nnnnnn]: [Subject Line]

Issue

Vulnerability: Kindly find more information about the vulnerability CVE-2017-0144 at https://nvd.nist.gov/vuln/detail/CVE-2017-0144. It was identified about two months ago (published Mar 16 2017), and the vulnerability is now being widely exploited on systems. The vulnerability is rated critical for all supported releases of Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server.

Resolution

• Microsoft has released the following bulletin to address the issue: MS17-010, https://technet.microsoft.com/en-us/library/security/ms17-010.aspx. This vulnerability is also included in OS-specific Security Bulletin (roll-ups) SB17-002, SB17-003, SB17-004.  MS17-010 applies to Server 2003 and Server 2008, while SB17-002 applies to Server 2008 R2, SB17-003 applies to Server 2012 R2 and SB17-004 applies to Server 2012.
  
• BCM has included this bulletin in the latest BCM patch knowledge base version (2.0.2.2417). Once you patch BCM with the latest knowledge base, then you can use BCM to identify and patch any systems that are missing this critical patch.

How-to

It is easy to patch update BCM with the latest patch knowledge base and then apply that patch to other systems in your network.

See the post on the community for detailed information, BCM's response to MS17-010 and the WannaCry vulnerability