Microsoft Security Bulletin MS17-010 - Security Update for Microsoft Windows SMB Server (4013389)

Hi all,

I am sure that some people have been dealing with this recent security issue regarding disabling SMBv1.

Further details here:

https://www.us-cert.gov/ncas/current-activity/2017/01/16/SMB-Security-Best-Practices

Apparently this is now fixed by installing a Windows patch detailed in this Technet article (published March 14 2017):

https://technet.microsoft.com/library/security/MS17-010

However, I have noticed that even after installing this patch, a vulnerability scan on a test server is still reporting this vulnerability.  If I perform the manual reg key fix (detailed here: https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012 ) the vulnerability scan reports that the vulnerability has been removed.

My question is, does the Windows security patch detailed in article MS17-010 truly fix the issue? Does my vulnerability scan just need to update to realise that this patch resolves the issue (I don't think that an update has been available since Microsoft released this patch)?
fieldj Asked:

McKnife Commented:
Hi.

"Does my vulnerability scan just need to update to realise that this patch resolves the issue" - that is very likely the cause. Ask the vendor of the scanner.
0
fieldj (Author) Commented:
Let's hope this is the case. I have already asked them and am awaiting a reply.

I would be interested to hear others' experience with this vulnerability and whether the patch seems to have resolved it for them.
0
masnrock Commented:
You have to put into context that this has just very recently come out. Also make sure that your vulnerability scanner is up to date. As far as your scanner goes, it comes down to exactly what it's checking for. So while it's hoped that the MS patch did actually fix it, there is always that possibility that either a flaw remains or a slightly new issue got introduced. Unless you need to keep SMBv1, I'd say disable it. Otherwise, stay tuned to the news, because someone will hopefully find a way to test for the vulnerability properly.
1

McKnife Commented:
With a vulnerability that notorious (SMB is file services), it would be more than odd if that patch wouldn't have fixed it. Vulnerability scanners will need to be updated to detect it, I don't think those scanners will detect it by actually exploiting it.
0
masnrock Commented:
Microsoft has been known to release patches only to have to release another one later. But that said, I'd be counting on a security researcher to try exploiting it in their own lab and reporting properly. My reference to testing the vulnerability wasn't about the scanners themselves, as much as someone releasing a tool to test. Much like the recent WebEx plugin fixes... one update was released and still found to be vulnerable, so another had to be released.
0
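
The thread turns on two separate facts about a host: whether the MS17-010 update is installed, and whether the SMBv1 server is still enabled. The following is an added example, not code from any poster or from Microsoft, that reports both side by side so a scanner finding can be compared against them. The function name `Get-Smb1Posture` is hypothetical, the KB id is a placeholder to be replaced with the one MS17-010 lists for the OS in question, and the registry value is the one described in the linked KB 2696547 article.

```powershell
# Added example, not from the thread. Reports SMBv1 server state and patch
# presence as two independent facts.
function Get-Smb1Posture {
    param(
        # Placeholder: replace with the KB number(s) MS17-010 lists for this OS.
        [string[]]$HotfixId = @('KB0000000')
    )

    $path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

    # Per KB 2696547, SMB1 is a DWORD: 0 = disabled, 1 = enabled.
    # No value is created by default, and an absent value means enabled.
    $prop = Get-ItemProperty -Path $path -Name SMB1 -ErrorAction SilentlyContinue
    $regValue = if ($prop) { $prop.SMB1 } else { $null }
    $serverEnabled = ($null -eq $regValue) -or ($regValue -ne 0)

    # Get-HotFix matches updates by their own KB id only. A later rollup that
    # supersedes the patch will not match, so "not found" is not proof that
    # the fix is missing.
    $found = @(Get-HotFix -Id $HotfixId -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        Computer          = $env:COMPUTERNAME
        Smb1RegistryValue = if ($null -eq $regValue) { '(not set)' } else { $regValue }
        Smb1ServerEnabled = $serverEnabled
        HotfixFound       = ($found.Count -gt 0)
        HotfixIds         = ($found | ForEach-Object { $_.HotFixID }) -join ','
    }
}

Get-Smb1Posture | Format-List
```

A host showing `HotfixFound = True` together with `Smb1ServerEnabled = True` is patched but still offers SMBv1, which is the combination the question describes before the registry change was applied.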