Showing posts from July, 2017

The Wannacry and NotPetya bug - CVE-2017-0144 SMB Remote Execution RCE

I've seen a lot of descriptions of the bug that Wannacry and now NotPetya leveraged to worm their way into the spotlight, but most of them are pretty vague.  Descriptions range from "logic error" and "buffer overflow" to Trend Micro's post that called out the actual bug - a casting error.  But even the Trend Micro post, which went into pretty good detail, didn't show the actual code that the error resided in, only a high-level disassembly. There also seems to be some disagreement on where the bug resides in Windows 10.  One of the first people to analyze the Wannacry bug and do a write-up on it posted his analysis to Reddit and was excoriated in the comments over it because of an error in where he thought the bug was in Windows 10.  Long story short, someone insisted very strongly to him that his analysis was wrong, and he eventually took down the analysis entirely  changed the URL of the analysis and posted an errata regarding the location of t