The remote Windows host is affected by the following vulnerabilities :

  - Multiple remote code execution vulnerabilities exist in     Microsoft Server Message Block 1.0 (SMBv1) due to     improper handling of certain requests. An     unauthenticated, remote attacker can exploit these     vulnerabilities, via a specially crafted packet, to     execute arbitrary code. (CVE-2017-0143, CVE-2017-0144,     CVE-2017-0145, CVE-2017-0146, CVE-2017-0148)

  - An information disclosure vulnerability exists in     Microsoft Server Message Block 1.0 (SMBv1) due to     improper handling of certain requests. An     unauthenticated, remote attacker can exploit this, via a     specially crafted packet, to disclose sensitive     information. (CVE-2017-0147)

ETERNALBLUE, ETERNALCHAMPION, ETERNALROMANCE, and ETERNALSYNERGY are four of multiple Equation Group vulnerabilities and exploits disclosed on 2017/04/14 by a group known as the Shadow Brokers. WannaCry / WannaCrypt is a ransomware program utilizing the ETERNALBLUE exploit, and EternalRocks is a worm that utilizes seven Equation Group vulnerabilities. Petya is a ransomware program that first utilizes CVE-2017-0199, a vulnerability in Microsoft Office, and then spreads via ETERNALBLUE.

Detections

Analytics

MS17-010: Security Update for Microsoft Windows SMB Server (4013389) (ETERNALBLUE) (ETERNALCHAMPION) (ETERNALROMANCE) (ETERNALSYNERGY) (WannaCry) (EternalRocks) (Petya) (uncredentialed check)

high Nessus Plugin ID 97833

Version 1.31