Security Tip: Beware of Ransomware Vulnerabilities and CPU Vulnerabilities

In recent days several domestic information security teams have issued security alerts in succession, warning that ransomware is spreading widely in China, that government bodies, enterprises and individual users are all being hit, and that unpatched system vulnerabilities are the main entry point for the attacks. Laoyou Technology therefore reminds computer users to patch critical system vulnerabilities promptly and to verify afterwards that the patches are actually in place. This article describes how to deal with two high-risk system vulnerabilities.

1. Eternalblue Ransomware Vulnerability

"EternalBlue" here refers to the worm outbreak (the WannaCry ransomware) that began on a global scale on May 12, 2017 and spread through the Windows network file sharing protocol (SMB). The attackers took the "EternalBlue" exploit from the previously leaked NSA hacking toolkit, modified it, and launched network attacks with it. The United Kingdom, Russia, most of Europe, and in China many universities, large-enterprise intranets and government private networks were hit; victims were extorted for high ransoms to decrypt and restore their files.

EternalBlue incident examples

  • The server of a listed company in Fujian was compromised by the ransomware Ransom/Bunnyde, encrypting the database of the company's core ERP (financial) system
  • A personal website operator's computer was infected with ransomware, encrypting most of the site's data and forcing the site to be taken offline temporarily
  • A university student's computer was infected as soon as it connected to the campus network; the ransomware entered through an unpatched host vulnerability on the campus network, and every file, including the graduation thesis, was encrypted

Solutions to the Eternalblue Vulnerability

Microsoft released security bulletin MS17-010 on March 14, 2017; its updates fix the SMBv1 vulnerability exploited by "EternalBlue".

Method 1: Manual Repair

  1. Download and install Windows security update KB4012212 (Security Update Only) or KB4012215 (Monthly Rollup) (these two KB numbers apply to Windows 7 and Windows Server 2008 R2 only; other Windows versions have their own MS17-010 updates)
  2. After patching, use the free tool Netfrog to confirm that the system is no longer vulnerable

Ransomware Patch Detection

Method 2: Install the NSA Immune Tool included in 360 Security Guard.

Installation: click "Function Encyclopedia" -> "Data Security" -> "NSA Immune Tool" -> click the "Add" button.

2. High-Risk CPU Vulnerabilities

Background

  • 2018.1.3: Security researchers abroad disclosed the Meltdown and Spectre CPU vulnerabilities.
  • 2018.1.3: Microsoft released security update KB4056897 for the CPU vulnerabilities.
  • 2018.2.13: Microsoft released the February security update KB4074587, which also contains CPU-vulnerability fixes.
  • A serious flaw ("Total Meltdown") was then found in Microsoft's January and February 2018 security updates for Windows 7 x64 and Windows Server 2008 R2: the patches set the PML4 page-table page to user-mode permissions, so any user-mode process could read and write arbitrary kernel memory.

Vulnerability Overview

  • Meltdown: rogue data cache load (CVE-2017-5754)
  • Spectre: bounds check bypass (CVE-2017-5753) and branch target injection (CVE-2017-5715)
  • Total Meltdown (CVE-2018-1038): security researchers abroad found a fatal bug in Microsoft's January and February 2018 security updates for Windows 7 x64 and Windows Server 2008 R2. Microsoft's developers had mistakenly marked the kernel-only PML4 (Page Map Level 4) page table as accessible from user mode, which lets any process read and write kernel memory at will.

Impact of CPU Vulnerabilities

  • Standalone servers: a process may read the memory of other processes, and a low-privileged user may read kernel memory, i.e. the operating system's own internal state.
  • Cloud servers: a tenant may read other tenants' memory through these vulnerabilities, leaking other cloud tenants' sensitive information.
  • Personal computers, smartphones and other smart terminals: simply visiting a malicious website in a browser can leak the victim's account names, passwords, email, cookies and similar data.
  • With Total Meltdown, an attacker can read and write kernel memory arbitrarily and thereby take full control of the victim's machine.

Solutions to CPU Vulnerabilities

Method 1: Manual Repair

  1. Download and install Windows update KB4093108 (Security Update Only) or KB4093118 (Monthly Rollup) (for Windows 7 and Windows Server 2008 R2 only)
  2. After patching, use the free tool Netfrog to confirm that the system is no longer vulnerable
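Both manual-repair procedures on this page (Method 1 for the EternalBlue patch above, and Method 1 for the CPU patches here) end with "check that the patch took". As an added example that is not part of the original article and is not the Netfrog or 360 tool, the following PowerShell performs that check on Windows 7 SP1 / Windows Server 2008 R2 with no third-party software. It reports three things a practitioner wants after patching: whether the listed KBs (or a later superseding rollup) are installed, the file version of the SMBv1 server driver srv.sys that MS17-010 replaces, and whether SMBv1 itself is still enabled. KB4100480, the out-of-band March 2018 update Microsoft shipped for CVE-2018-1038, is not listed in the article and is included from Microsoft's own advisory. The srv.sys version threshold 6.1.7601.23689 and the April 10, 2018 rollup cutoff are this example's assumptions, marked as such in the code.

```powershell
# Added example, not part of the original article. Post-patch verification for both
# manual-repair procedures above, on Windows 7 SP1 / Windows Server 2008 R2 (it runs on
# the PowerShell 2.0 that ships with Windows 7). Run from an elevated prompt.
#
# Labelled assumptions: the srv.sys version threshold is the value Microsoft published
# for MS17-010 on these two Windows versions (check current Microsoft guidance before
# relying on it); the rollup date cutoff is a heuristic of this script, not a
# Microsoft-documented check.

$Ms17010Kbs       = @('KB4012212', 'KB4012215')               # March 2017 security-only / monthly rollup
$TotalMeltdownKbs = @('KB4100480', 'KB4093108', 'KB4093118')  # March 2018 out-of-band fix, April 2018 security-only / rollup
$RollupCutoff     = Get-Date '2018-04-10'                      # any cumulative rollup from this date on supersedes the KBs above
$SrvSysMinVersion = [version]'6.1.7601.23689'                  # assumed patched srv.sys version for Win7 SP1 / 2008 R2

$installed = Get-HotFix | Select-Object HotFixID, InstalledOn

function Test-KbPresent([string[]]$KbList) {
    # Get-HotFix lists only packages installed directly. Windows 7 monthly rollups are
    # cumulative, so a machine patched with a later rollup will not show the exact KB.
    # Report which evidence was found rather than a bare yes/no.
    $hit = @($installed | Where-Object { $KbList -contains $_.HotFixID })
    if ($hit.Count -gt 0) { return "present ($($hit[0].HotFixID))" }
    $later = @($installed | Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $RollupCutoff })
    if ($later.Count -gt 0) {
        return "KB not listed, but $($later.Count) update(s) installed on/after $($RollupCutoff.ToString('yyyy-MM-dd')); confirm a superseding rollup is present"
    }
    return 'MISSING'
}

function Get-SrvSysVersion {
    # MS17-010 replaces the SMBv1 server driver; compare its file version to the threshold.
    # FileVersion is a free-form string, so assemble the version from the numeric parts.
    $vi = (Get-Item "$env:SystemRoot\System32\drivers\srv.sys").VersionInfo
    [version]('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
}

function Get-Smb1ServerState {
    # Patching removes the bug, but the wormable protocol stays enabled unless the
    # SMB1 value is explicitly set to 0. An absent value means SMBv1 is on (Win7 default).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($p -ne $null -and $p.PSObject.Properties['SMB1'] -ne $null -and $p.SMB1 -eq 0) { return 'disabled' }
    return 'ENABLED (Windows 7 default) - consider disabling SMBv1'
}

$srvVersion = Get-SrvSysVersion
$report = New-Object PSObject -Property @{
    'MS17-010 KB'        = Test-KbPresent $Ms17010Kbs
    'srv.sys version'    = "$srvVersion (patched threshold $SrvSysMinVersion; ok = $($srvVersion -ge $SrvSysMinVersion))"
    'SMBv1 server'       = Get-Smb1ServerState
    'Total Meltdown KB'  = Test-KbPresent $TotalMeltdownKbs
}
$report | Format-List
```

Two caveats on reading the output. A "MISSING" result for the KB checks combined with a srv.sys version at or above the threshold means a superseding rollup is installed and the KB list is simply stale; a version below the threshold is the result that matters. Total Meltdown only affects the x64 builds of Windows 7 / Server 2008 R2, so on 32-bit systems the second KB check is only confirming normal patch hygiene. To check that the Meltdown and Spectre kernel mitigations themselves are active, Microsoft's SpeculationControl module from the PowerShell Gallery (Install-Module SpeculationControl, then Get-SpeculationControlSettings) is the supported way; it needs internet access, which is why it is not folded into the offline script above.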

CPU vulnerability detection

Method 2: Install the "TotalMeltdown" vulnerability detection tool

Download link for the TotalMeltdown detection tool

To read the original article, visit the Fujian Laoyou official website: Security Tips: Be careful with ransomware vulnerabilities and CPU vulnerabilities
