Security friends: Is anyone aware of a list of vulnerabilities disclosed by the U.S. government either pursuant to or outside of a vulnerability equities process (VEP)?
-
-
There wasn't enough notice and many afflicted devices were not readily patchable. Is unpatchability rare or common?
-
Not a question of unpatchability, but time to patch. Custom apps and configs have to be at least tested prior to push.
-
I thought I had read that some of the affected medical devices were unpatchable...
-
Yes, they were, but many of them were protected through behavioural detections, as WannaCry’s ransomware component was easily stopped (through network analysis). Also, it mainly rebooted devices running XP due to an issue with SMBv3
-
Pls clarify: "rebooted devices" (med, IT, both)? The vuln was in all versions of SMB including failure to contain the protocol internally. Why call out just v3?
-
Sorry that was me quick tweeting (I meant to put v1). The vuln does occur in all, but EternalBlue uses the former. Plus, again quick tweeting, it mainly crashed XP and then that caused the reboot (not the mal rebooting, obviously). With those deploying some sort of HIPS most /1
-
did not experience issues, and if you prevent execution (and you don't have some odd internet-facing med devices), some segregation, most were fine. Spoke to many people in UK's NHS about this.
-
However evidence to the contrary would be most welcome, as I'm just writing about it atm.
