A generic way to protect yourself from security issues related to Windows sharing

The ransomware called Wanna Decryptor is spreading around the world. It works by leveraging a Windows vulnerability that came to light last month when a cache of mysterious hacking tools was leaked on the internet.

The quickest way is to block inbound connections to the affected ports. You can save the following lines into a .bat file and run it as administrator.

rem Each rule is deleted first so that re-running this file does not create duplicates.
rem Blocking inbound 445 also stops this machine from sharing its own files and printers.

rem 135/tcp Microsoft Remote Procedure Call (RPC) service.
netsh advfirewall firewall delete rule name=block-tcp-135
netsh advfirewall firewall add rule name=block-tcp-135 dir=in action=block protocol=tcp localport=135

rem 139/tcp NetBIOS
netsh advfirewall firewall delete rule name=block-tcp-139
netsh advfirewall firewall add rule name=block-tcp-139 dir=in action=block protocol=tcp localport=139

rem 445/tcp Microsoft-DS (Active Directory, Windows shares)
rem 445/udp Microsoft-DS SMB file sharing
netsh advfirewall firewall delete rule name=block-tcp-445
netsh advfirewall firewall add rule name=block-tcp-445 dir=in action=block protocol=tcp localport=445
netsh advfirewall firewall delete rule name=block-udp-445
netsh advfirewall firewall add rule name=block-udp-445 dir=in action=block protocol=udp localport=445

rem Disable legacy SMB 1.0. Vista and newer OSes can still use file sharing normally.
rem A restart is needed to complete the change.
dism /online /Disable-Feature /FeatureName:SMB1Protocol
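
To confirm the rules above are actually in force, here is an added example (not part of the original post): a Python check that reads the output of `netsh advfirewall firewall show rule name=all dir=in` and lists the ports that still lack an enabled inbound block rule. It assumes English-locale netsh output; the sample text and the function names are constructed for illustration.

```python
import re
# (protocol, port) pairs that the batch file on this page blocks
REQUIRED = [("TCP", 135), ("TCP", 139), ("TCP", 445), ("UDP", 445)]

# Constructed, abridged sample of: netsh advfirewall firewall show rule name=all dir=in
SAMPLE = """\
Rule Name:                            block-tcp-135
Enabled:                              Yes
Direction:                            In
Protocol:                             TCP
LocalPort:                            135
Action:                               Block

Rule Name:                            block-tcp-445
Enabled:                              No
Direction:                            In
Protocol:                             TCP
LocalPort:                            445
Action:                               Block
"""

def parse_rules(text):
    """Split netsh output into one dict per rule, keyed by field label."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"([A-Za-z ]+):\s*(.*)$", line)
        if m and m.group(1) == "Rule Name":
            rules.append({})
        if m and rules:
            rules[-1][m.group(1)] = m.group(2).strip()
    return rules

def port_matches(spec, port):
    """LocalPort is 'Any', one port, a list '139,445' or a range '135-139'."""
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        if lo == "Any" or (lo.isdigit() and int(lo) <= port <= int(hi or lo)):
            return True
    return False

def unblocked(text, required=REQUIRED):
    """Return required (protocol, port) pairs with no enabled inbound block rule."""
    active = [r for r in parse_rules(text) if r.get("Enabled") == "Yes"
              and r.get("Direction") == "In" and r.get("Action") == "Block"]
    # netsh omits LocalPort when Protocol is Any, so a missing field means all ports
    return [(proto, port) for proto, port in required
            if not any(r.get("Protocol") in (proto, "Any")
                       and port_matches(r.get("LocalPort", "Any"), port)
                       for r in active)]
```

On a live host, pass the captured netsh output to `unblocked()`; an empty list means every port has an enabled block rule. The rules only take effect while the firewall profile itself is on.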
