Security Focus: Get CVE Information for WannaCrypt

You've no doubt heard that the WannaCrypt ransomware is also a worm. The propagation code exploits a patched SMB vulnerability - CVE-2017-0145.

How can we use PowerShell to create a Common Vulnerabilities and Exposures (CVE) report for that vulnerability?

 

 
Set-MSRCApiKey -ApiKey XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

$cvrfDoc = Get-MsrcCvrfDocument -ID 2017-Mar

$Properties = @{
    Vulnerability = ($cvrfDoc.Vulnerability | Where-Object {$_.CVE -like "CVE-2017-0145"})
    ProductTree   = $cvrfDoc.ProductTree
}

Get-MsrcVulnerabilityReportHtml @Properties | Out-File -FilePath CVE-2017-0145.html

 

Have a look here for details of how to obtain the MsrcSecurityUpdates PowerShell module.

Input your MSRC API key. You can obtain one from here.

Now, request the Common Vulnerability Reporting Framework (CVRF) document for the March 2017 update (contains MS17-010 which patches the SMB vulnerability). Parse the document for CVE-2017-0145 and then splat the collected information into Get-MsrcVulnerabilityReportHtml cmdlet to generate a html report.

 

wanna

 

Want all of the CVEs that MS17-010 patches? Try this tweak...

 

 
Vulnerability = ($cvrfDoc.Vulnerability | Where-Object {$_.CVE -like "CVE-2017-014[3-8]"})

Customer Guidance for WannaCrypt attacks