EternalBlue (CVE-2017-0144)

EternalBlue is the SMBv1 exploit leaked from the NSA's Equation Group that became the worm engine for WannaCry and NotPetya.

Definition

EternalBlue is the NSA exploit (CVE-2017-0144) targeting Microsoft Server Message Block version 1 (SMBv1). The exploit chain uses a sequence of SMBv1 transaction-handling bugs to achieve unauthenticated remote code execution on any unpatched Windows system with SMBv1 enabled. The Shadow Brokers leaked the exploit in April 2017; within a month, WannaCry weaponised it into a ransomware worm that infected hundreds of thousands of systems globally. NotPetya followed weeks later.

Impact

Worm-class RCE against unpatched Windows installations.

Mitigation

Apply MS17-010 (March 2017 patch). Disable SMBv1 entirely.
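
For the "Disable SMBv1 entirely" step, the following is an added example, not part of the original page: a PowerShell routine that reports whether a host still exposes SMBv1 and then turns it off. The function names Get-Smb1Exposure and Disable-Smb1 are hypothetical; it assumes an elevated session on Windows 8.1 / Server 2012 R2 or later.

```powershell
#Requires -RunAsAdministrator
# Added example. Function names are hypothetical; the cmdlets are the built-in
# SmbShare and DISM ones (assumes Windows 8.1 / Server 2012 R2 or later).

function Get-Smb1Exposure {
    # Server side: will this host still accept SMBv1 sessions?
    $serverOn = (Get-SmbServerConfiguration).EnableSMB1Protocol

    # Are the SMBv1 binaries still installed as an optional feature?
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
                   -ErrorAction SilentlyContinue

    # Client side: start type of the SMBv1 redirector driver (4 = disabled).
    $drv = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10' `
               -Name Start -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        ServerSmb1Enabled = [bool]$serverOn
        FeatureState      = if ($feature) { [string]$feature.State } else { 'NotPresent' }
        ClientDriverStart = if ($drv) { $drv.Start } else { 'NotPresent' }
    }
}

function Disable-Smb1 {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable SMBv1 on the SMB server')) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }

    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
                   -ErrorAction SilentlyContinue
    if ($feature -and [string]$feature.State -eq 'Enabled' -and
        $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Remove the SMB1Protocol feature')) {
        # Removes client and server SMBv1 components; takes effect after a reboot.
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart |
            Out-Null
    }
}

Get-Smb1Exposure          # audit only
Disable-Smb1 -WhatIf      # preview; drop -WhatIf to apply
```

The script does not check whether MS17-010 is installed, because the update's KB number differs per Windows version; confirm patch status separately.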
