Windows SMB/RDP Remote Vulnerability Risk Notification and Remediation Guideline
Publish Date 04/22/2017
Recently, foreign hacking organization The ShadowBrokers unveiled a number of Windows high-risk vulnerabilities and tools, which can be used to cause Windows machines to be executed arbitrary commands, triggering a series of serious consequences including blue screen, intrusion and data deletion, etc.
Microsoft has officially released patches, but a large number of customers have not yet repaired. The risk is enormous, and requirement of security assistance is increasing dramatically. In order to improve the security of the cloud hosts, please be sure to pay attention to the following information:
For ECS servers you are using:
1. If you do not use TCP[42, 135, 137, 139, 445] and UDP[135, 137, 138, 139] ports in your business, please log on to [Management Console] - [ECS] - [Security Groups] as soon as possible, click the "Bulk Repair Windows SMB Vulnerabilities" button to close the associated high-risk ports.
2. If you use SMB protocol or the ports above in your business, you can log on to the [Management Console] - [ECS] - [Security Groups], and click the “Ignore Repair” button to ignore the repair. Due to the risk, we strongly recommend that you install the Windows patches and reboot the system before ignoring the repair.
In order to guarantee the security of data and the availability of service, for the customers without operating repair or ignoring repair by April 24th, Alibaba Cloud will help modify the rules of security groups through backstage according to general solutions, block the network requests to TCP ports 42, 135, 137, 139, 445 and UDP ports 135, 137, 138, 139, which are influenced by this event and easily causing the invasion into servers.
For ECS to be purchased:
1. The Windows provided by Alibaba Cloud has installed the new patches.
2. Customers are expected to modify the rules of security groups, open necessary ports and make necessary limitations.
If you have other requests for port configuration. You can operate by the route: [Management Console] - [ECS] - [Security Groups] - [Configure Rules]. For more details, please refer to: https://intl.aliyun.com/forum/read-888
Feel free to contact us if any problem concerning. Thank you.
Microsoft has officially released patches, but a large number of customers have not yet repaired. The risk is enormous, and requirement of security assistance is increasing dramatically. In order to improve the security of the cloud hosts, please be sure to pay attention to the following information:
For ECS servers you are using:
1. If you do not use TCP[42, 135, 137, 139, 445] and UDP[135, 137, 138, 139] ports in your business, please log on to [Management Console] - [ECS] - [Security Groups] as soon as possible, click the "Bulk Repair Windows SMB Vulnerabilities" button to close the associated high-risk ports.
2. If you use SMB protocol or the ports above in your business, you can log on to the [Management Console] - [ECS] - [Security Groups], and click the “Ignore Repair” button to ignore the repair. Due to the risk, we strongly recommend that you install the Windows patches and reboot the system before ignoring the repair.
In order to guarantee the security of data and the availability of service, for the customers without operating repair or ignoring repair by April 24th, Alibaba Cloud will help modify the rules of security groups through backstage according to general solutions, block the network requests to TCP ports 42, 135, 137, 139, 445 and UDP ports 135, 137, 138, 139, which are influenced by this event and easily causing the invasion into servers.
For ECS to be purchased:
1. The Windows provided by Alibaba Cloud has installed the new patches.
2. Customers are expected to modify the rules of security groups, open necessary ports and make necessary limitations.
If you have other requests for port configuration. You can operate by the route: [Management Console] - [ECS] - [Security Groups] - [Configure Rules]. For more details, please refer to: https://intl.aliyun.com/forum/read-888
Feel free to contact us if any problem concerning. Thank you.