Windows 7 Eternal Blue

CVE-2017-0144

EternalBlue is a Windows exploit created by the US National Security Agency (NSA) and used in the 2017 WannaCry ransomware attack.

EternalBlue allows arbitrary remote code execution: by sending specially crafted packets, attackers can gain access to a network. It exploits a software vulnerability in the Server Message Block version 1 (SMBv1) protocol of Microsoft's Windows operating systems. SMB is a network file sharing protocol that allows access to files on a remote server.

The vulnerability doesn’t just apply to Microsoft Windows. Anything that uses the Microsoft SMBv1 server protocol is potentially vulnerable.

Impact

EternalBlue was among the information leaked by a hacking group called the Shadow Brokers, who in 2017 hacked an NSA trove of cyber weapons. The Shadow Brokers published EternalBlue on the internet, causing chaos and embarrassment for the NSA. Microsoft was advised and took action by urgently sharing a security patch for Windows sysadmins.

The flaws in the SMBv1 protocol were patched by Microsoft in March 2017 with the MS17-010 security update. Unfortunately, despite the patch being available, there are still reportedly around a million machines connected to the internet that remain vulnerable.
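Because the exposure described above depends on a host still accepting SMBv1, an inventory check for machines you administer can offer only the SMBv1 dialect and see whether the server agrees to it. The script below is an added example, not code from the original page; the function names and the header field values chosen (flags, TID, PID) are assumptions of this sketch.

```python
import socket
import struct

# The only dialect offered is SMBv1's "NT LM 0.12", so a host with SMBv1
# disabled has nothing to agree on.
DIALECT = b"\x02NT LM 0.12\x00"

def build_negotiate() -> bytes:
    """SMB1 NEGOTIATE request (command 0x72) inside a NetBIOS session frame."""
    header = struct.pack(
        "<4sBIBHH8sHHHHH",
        b"\xffSMB", 0x72, 0,      # protocol id, command, status
        0x18, 0xC801, 0,          # flags, flags2, PID high
        b"\x00" * 8, 0,           # security features, reserved
        0xFFFF, 0xFEFF, 0, 0,     # TID, PID low, UID, MID
    )
    body = struct.pack("<BH", 0, len(DIALECT)) + DIALECT  # word count, byte count
    msg = header + body
    return struct.pack(">I", len(msg)) + msg  # top byte 0x00 = session message

def smb1_accepted(resp: bytes) -> bool:
    """True if resp is an SMB1 negotiate reply that selected our dialect."""
    smb = resp[4:]                      # skip the NetBIOS session header
    if len(smb) < 35 or smb[:4] != b"\xffSMB" or smb[4] != 0x72:
        return False                    # short, SMB2 (\xfeSMB) or unrelated data
    status = struct.unpack_from("<I", smb, 5)[0]
    word_count = smb[32]
    dialect_index = struct.unpack_from("<H", smb, 33)[0]
    return status == 0 and word_count > 0 and dialect_index != 0xFFFF

def probe(host: str, port: int = 445, timeout: float = 3.0):
    """True: SMBv1 negotiated. False: port answered without SMBv1. None: unreachable."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return None
    with sock:
        try:
            sock.sendall(build_negotiate())
            return smb1_accepted(sock.recv(4096))
        except OSError:                 # reset or no reply: SMBv1 was not negotiated
            return False

if __name__ == "__main__":
    import sys
    for target in sys.argv[1:]:         # hosts you administer
        print(target, {True: "SMBv1 ENABLED", False: "SMBv1 not offered",
                       None: "unreachable"}[probe(target)])
```

A True result means SMBv1 is still enabled, not that MS17-010 is missing; the patch level has to be confirmed on the host itself.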