DX Unified Infrastructure Management

  • Private Community

  • 1.  Current Vunerability on C++ install, via CDM. Is this part of the Ransomware vunerability?

    Posted May 17, 2017 07:42 AM

    HI one and all.

     

    Regarding the files installed alongside the CDM probe (and possibly others):

    Has the version of the C++ redistributable used (2008 / 2010) been identified as being part of the current Windows Ransomware attack vunerability?

     

    If this is the case, can the CDM (and any other probes) accept the patched / most recent versions of the redistributable file without over-writing them?

     

    Has anyone else seen this supposed issue?

     

    Cheers all.



  • 2.  Re: Current Vunerability on C++ install, via CDM. Is this part of the Ransomware vunerability?

    Broadcom Employee
    Posted May 17, 2017 10:47 AM

    HI,

     

    Looks like the latest CDM probe is using the C++ 2008 and 2010 Sp1 packages and these are what is needed per MS.

    https://support.microsoft.com/en-us/help/2977003/the-latest-supported-visual-c-downloads 



  • 3.  Re: Current Vunerability on C++ install, via CDM. Is this part of the Ransomware vunerability?

    Posted May 17, 2017 11:24 AM

    As most servers are not likely to be going back in versions, would there be any negative action to remove the

    CA C++ redistributibles that are not patched?

    If we engineers then go to install an upgrade of the CDM (or any probe that requires the C++ files), will the probe want ONLY the most recent versions, or will it look for a specific version (for example, the file version of the Non-patched package), or will the probe install complete, by using the most recent available C++ package?



  • 4.  Re: Current Vunerability on C++ install, via CDM. Is this part of the Ransomware vunerability?

    Broadcom Employee
    Posted May 17, 2017 11:33 AM

    The latest version of CDM probe will check the archive for the correct sp1 version of the C++ runtime.

    it will fail to update or install if this version is not already installed or can not be installed.,

    As far as the CDM probe is concerned there should be no impact to removing older versions.



  • 5.  Re: Current Vunerability on C++ install, via CDM. Is this part of the Ransomware vunerability?

    Posted May 17, 2017 11:48 AM

    That's good, because I was concerned that if the probe was removed and then re-installed, it would use the previous version that would over-write the patched runtime and open the server for the vunerability again.

    Do you know if CA have the 2015 runtime available for the Archive download in the near future?



  • 6.  Re: Current Vunerability on C++ install, via CDM. Is this part of the Ransomware vunerability?

    Broadcom Employee
    Posted May 17, 2017 11:51 AM

    Sorry No idea. I work in support and we do not have access to road map information.

    Hopefully some one from the product management team will see this can can chime in on that



  • 7.  Re: Current Vunerability on C++ install, via CDM. Is this part of the Ransomware vunerability?

    Posted May 17, 2017 12:10 PM

    Thanks for that Gene. I'm sure I'm not the only person who's looking at this issue.

    Indeed, I hope we hear from someone soon.

    Thank you for your input.



  • 8.  Re: Current Vunerability on C++ install, via CDM. Is this part of the Ransomware vunerability?

    Posted May 17, 2017 02:18 PM

    Based on what we know now, the redistributable we use is not impacted by the current EnteralBlue exploit, however we are monitoring the situation closely.  As the situation develops (and Microsoft respond to the exploit) we will respond appropriately.