AnsweredAssumed Answered

Microsoft Windows Remote Code Execution - Shadow Brokers (ERRATICGOPHER) - Zero Day

Question asked by adamc on Jul 24, 2017
Latest reply on Jul 26, 2017 by adamc

How are enterprises with Server 2003 requirements remediating this vulnerability?  It looks like MS put out KB4012598 (Download Security Update for Windows Server 2003 (KB4012598) from Official Microsoft Download Center) to fix the issue.  But Qualys seems to just look for the existence of "HKLM\SYSTEM\CurrentControlSet\Services\mrxsmb" which allows SMBv1.  Seems that the Qualys detection logic is not ideal or aligns with remediation actions.  This applies to the MS17-010 patching efforts, and the Nmap NSE built for MS17-010 detection's does not show these servers as vulnerable when patched but the Qualys detection does.