With the exception of Esteemaudit, the exploits should be blocked by most firewalls. And best practices call for remote desktop connections to require use of a virtual private network, a practice that should make the Estememaudit exploit ineffective. Microsoft also recommends that organizations disable SMBv1, unless they absolutely need to hang on to it for compatibility reasons, which may block Eternalblue. That means organizations that are following best practices are likely safe from external attacks using these exploits. Amol Sarwate, director of engineering at security firm Qualys, has confirmed that at least one of the exploits, Eternalblue, works on Windows 10, even though the exploit was created before the OS was released.

Link zur Quelle

hatr