On March 14th, 2017, Microsoft released a security bulletin titled Microsoft Security Bulletin MS17-010 - Critical, also known as MS17-010. The advisory details vulnerabilities in the Microsoft Server Message Block 1.0 (SMBv1) server, which has been the exploitation vector for the ransomware cyber attack named WannaCry or Wanna Decryptor.
The Cisco PSIRT Team has completed the investigation on Cisco products that have not reached end of software maintenance support and that do not support automated or manual updates of the Microsoft patch for these vulnerabilities. No products have been found that prevent the automatic or manual installation of the MS17-010 patches or that fail to function properly with the MS17-010 patches applied.
The Cisco Web Security Appliance, while not exploitable by the WannaCry suite of malware, requires the SMBv1 protocol for communication with Microsoft Active Directory. For full details on this dependency, please consult Cisco bug ID CSCuo70696.
Guidance for all Cisco applications or products that run on affected Microsoft operating systems is to apply the Microsoft patch per Microsoft's recommendations unless otherwise stated below. Currently no additional guidance other than to apply the Microsoft patches or disable SMBv1 is applicable.
Additional information about the vulnerabilities can be found at the following links:
Cisco Detection Rules
Cisco has made available the following Snort rules: 42329-42332, 42340, 41978.
Open Source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.
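To confirm that a deployed rule file actually carries the Snort rules listed above and that none of them is commented out, the following added example (not Cisco's code) audits rule text for those SIDs. The sample rules are constructed placeholders, not the real rule bodies, and `audit_rules` and `SAMPLE_RULES` are names chosen for this example; generator IDs are not considered.

```python
import re

# SIDs named in this advisory: 42329-42332, 42340, 41978.
ADVISORY_SIDS = frozenset(range(42329, 42333)) | {42340, 41978}

# A rule line starts with an action; a leading '#' means the rule is disabled.
RULE_RE = re.compile(r"^(#\s*)?(alert|log|pass|drop|reject|sdrop|block)\s")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

# Constructed sample: placeholder rule bodies, NOT the real rule content.
SAMPLE_RULES = """\
alert tcp any any -> $HOME_NET 445 (msg:"constructed placeholder A"; sid:42329; rev:1;)
# alert tcp any any -> $HOME_NET 445 (msg:"constructed placeholder B"; sid:42330; rev:1;)
alert tcp any any -> $HOME_NET 445 (msg:"constructed placeholder C"; sid:42331; rev:1;)
alert tcp any any -> $HOME_NET 445 (msg:"constructed placeholder D"; sid:42340; rev:1;)
alert tcp any any -> $HOME_NET 445 (msg:"constructed placeholder E"; sid:41978; rev:1;)
# free-text comment that mentions sid:42332; but is not a rule
alert tcp any any -> any any (msg:"unrelated constructed rule"; sid:1000001; rev:1;)
"""


def audit_rules(text, wanted=ADVISORY_SIDS):
    """Return {sid: 'enabled' | 'disabled' | 'missing'} for each wanted SID."""
    status = {sid: "missing" for sid in wanted}
    for raw in text.splitlines():
        line = raw.strip()
        rule = RULE_RE.match(line)
        sid = SID_RE.search(line)
        if not rule or not sid:
            continue  # blank line, plain comment, or malformed rule
        number = int(sid.group(1))
        if number not in status:
            continue
        if rule.group(1) is None:
            status[number] = "enabled"       # an active copy wins
        elif status[number] == "missing":
            status[number] = "disabled"      # present but commented out
    return status


if __name__ == "__main__":
    for sid, state in sorted(audit_rules(SAMPLE_RULES).items()):
        print(sid, state)
```

Any SID reported as `disabled` or `missing` means the sensor is not applying that part of the coverage listed in this advisory.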
Cisco legacy IPS Signature Pack S982 has been made available. This signature update has signatures 7958-0 to cover the ransomware attack.
Cisco Security Procedures
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and registering to
receive security information from Cisco, is available on Cisco's worldwide
This includes instructions for press inquiries regarding Cisco security
notices. All Cisco security advisories are available at