Recently we’ve seen increased concern and discussion around an exploit released by Shadow Brokers which was acknowledged by Microsoft on March 14th, 2017. This issue involves SMBv1 and how it handles specially crafted requests to a host impacted by this vulnerability.

This exploit is also being leveraged in the WannaCrypt/WannaCry ransomware campaign which has been in the media recently. You can reference the links below for additional information around this issue:

https://technet.microsoft.com/en-us/library/security/ms17-010.aspxhttps://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/https://www.us-cert.gov/ncas/alerts/TA17-132A

DocuSign takes security related vulnerabilities and issues seriously and as such, we have diligently tracked this issue through this process. MS17-010 was applied as part of our monthly vulnerability management process during the March cycle. All applicable production systems have been patched ahead of the Shadow Brokers release in mid-April. Our Digital Transaction Management platform and supporting systems are not impacted by MS17-010 or the WannaCrypt/WannaCry ransomware. Additionally, all systems are monitored for any suspicious activity.