EternalBlue — Microsoft Corporation Windows Smb Vulnerability
CVE-2017-0144
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote at…
EPSS: 0.943 (100.0th percentile) — read the EPSS interpretation.
Affected products
- Microsoft Corporation Windows Smb — versions The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607
CISA KEV (Known Exploited Vulnerabilities)
This CVE is on the CISA KEV catalog, added on . CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.
BOD 22-01 due date: .
Required action: Apply updates per vendor instructions.
Known ransomware campaign use: yes.
Public proof-of-concept exploits
- peterpt/eternal_scanner
- EEsshq/CVE-2017-0144---EtneralBlue-MS17-010-Remote-Code-Execution
- AdityaBhatt3010/VAPT-Report-on-SMB-Exploitation-in-Windows-10-Finance-Endpoint
- AtithKhawas/autoblue
- sethwhy/BlueDoor
- MedX267/EternalBlue-Vulnerability-Scanner
- kimocoder/eternalblue
- trinadh-dasari-cyber/eternalblue-ms17-010-research
- ichhyak22/EternalBlue-Exploit-Demonstration-MS17-010
- dannic145/EternalBlue-Exploit-Demonstration
References
- 42031 (exploit, x_refsource_EXPLOIT-DB)
- 42030 (exploit, x_refsource_EXPLOIT-DB)
- 41891 (exploit, x_refsource_EXPLOIT-DB)
- 1037991 (vdb-entry, x_refsource_SECTRACK)
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0144 (x_refsource_CONFIRM)
- cert-portal.siemens.com/productcert/pdf/ssa-701903.pdf (x_refsource_CONFIRM)
- ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 (x_refsource_MISC)
- 41987 (exploit, x_refsource_EXPLOIT-DB)
- 96704 (vdb-entry, x_refsource_BID)
- cert-portal.siemens.com/productcert/pdf/ssa-966341.pdf (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2017-0144?
- CVE-2017-0144 is a vulnerability in Microsoft Corporation Windows Smb. Published 2017-03-17.
- Is CVE-2017-0144 known to be exploited?
- Yes. CVE-2017-0144 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2022-02-10), indicating it is being actively exploited. 346 public proof-of-concept repositories are indexed.