Blog
\
Vulnerabilities and Threats

Petya or NotPetya, Why is MS17–010 Still Not Patched?

Daniel Andrew
Author
Daniel Andrew
Head of Security
Updated
September 8, 2023
|
Published
June 30, 2017
|
min read

Key Points

Petya or NotPetya — How long should it take to patch against a globally recognised exploit, and why are attackers still able to use MS17–010?

Whether you prefer to call the latest global ransomware attack by the name the media have (somewhat incorrectly) chosen: ‘Petya’, or by its fashionable alternative: ‘NotPetya’, the fact of the matter is that the firms around the world are struggling to keep up with the ever evolving world of cyber attacks.

In the wake of Petya, the latest global ransomware attack, we are once again reminded how many thousands of firms still have security solutions which have difficulty protecting against a myriad of threats. The infection vector used by the attackers this time around was more sophisticated than the WannaCry epidemic, with the malicious payload being delivered via third-party accounting software by MeDOC, Ukrainian accounting firm. Even so, the attack wormed itself around internal networks using the same exploit as the WannaCry attack, meaning that up-to-date machines with the Microsoft patch (MS17–010) would not have been affected by internal network spread. Firms have had almost 2 months since the last global ransomware epidemic to patch their systems, but many have failed. This just goes to show how much work there still is to be done.

On a related note, the ShadowBrokers (The group which released the suite of exploits that are being used for these ransomware attacks) are due to release a new set of exploits in the first two weeks of July. We can guarantee that these will be keenly picked up by attackers, who will be writing malware to be delivered using these newly released methods within weeks. We’d like to reiterate to our clients and readers alike, therefore, the importance of keeping your software patched.

The upcoming months are going to be crucial for securing internet facing systems, so if your firm hasn’t heard of the Shadow Brokers and the upcoming threat, don’t hesitate to get in touch about how we can offer a good level of continuous security coverage through vulnerability scanning.

The Intruder Team

Get our free

Ultimate Guide to Vulnerability Scanning

Learn everything you need to get started with vulnerability scanning and how to get the most out of your chosen product with our free PDF guide.

Download now
Author
Daniel Andrew
,
Head of Security

Dan heads up the Security team at Intruder. His background is in .NET software engineering, consulting, and penetration testing.

Reviewed by
,

Quick links
Heading 2
Heading 3
Heading 4
Heading 5
Heading 6
mail icon
Get regular updates

Get our latest news, research, and expert advice, straight to your inbox

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Recommended articles

What is the OpenSSH regreSSHion vulnerability (CVE-2024-6387)?
Vulnerabilities and Threats

What is the OpenSSH regreSSHion vulnerability (CVE-2024-6387)?

Get the latest on the OpenSSH regreSSHion vulnerability (CVE-2024-6387). Intruder's Security team explain what it is, its potential impact, and what action you need to take.
200,000 websites still affected by three year old security weakness (Heartbleed)
Vulnerabilities and Threats

200,000 websites still affected by three year old security weakness (Heartbleed)

The Heartbleed vulnerability, renowned for allowing hackers anywhere on the internet to access encrypted communication between websites and…
How bad is the Citrix Bleed vulnerability [CVE-2023-4966]?
Vulnerabilities and Threats

How bad is the Citrix Bleed vulnerability [CVE-2023-4966]?

Get our take on the impact of the NetScaler vulnerability, see if you're affected, and find out how to fix it.

Sign up for your free 14-day trial

Start today
7 days free trial