
EternalBlue: 1000s of machines still vulnerable

EternalBlue is a software vulnerability in Microsoft's Windows operating system. It is the "Windows SMB Remote Code Execution Vulnerability", described in CVE-2017-144. The vulnerability exploits Microsoft Server Message Block 1.0 (SMBv1), a network file sharing protocol. It allows remote attackers to execute arbitrary code via crafted packets, as this vulnerable protocol allows applications on the Windows system to read and write to files and request various services that are on the same network. This vulnerability becomes even more lethal with its exposure over the Internet through TCP port 445: security research found over a million devices exposing SMB over TCP 445, which can thus be attacked from anywhere on the Internet.

Microsoft issued a critical security bulletin, MS17-010, on 14-March-2017, which included a patch for EternalBlue and other SMB-related CVEs. Even though this security patch for Windows was made available long before the WannaCry and Petya ransomware, many systems around the world remained unpatched and hence fell victim to this ransomware. Even after these security incidents, followed by an awareness drive, 1000s of machines are still vulnerable to SMBv1 exposure. For large organizations with tens of thousands of hosts, it is extremely difficult to find vulnerable hosts; these are the blind spots in a business network. Security admins must continue to regularly scan for EternalBlue vulnerabilities, disable the SMBv1 protocol, and apply the latest patches. But there may be many more unknown vulnerabilities in this or other protocols: the zero-days.

Check Point SandBlast Zero-Day Protection family of products protects organizations against such zero-day attacks at the network gateway, on the endpoint, and in the cloud. Learn more at SandBlast Zero-Day Protection | Check Point Software

Jony Fischbein‌ 
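For the inventory problem the post describes (finding hosts that still speak SMBv1 among thousands), here is an added example that is not part of the original post and is not Check Point tooling. It offers only the SMB1 dialect `NT LM 0.12` on TCP 445 and reports whether the host accepts it; it shows SMBv1 exposure, not whether MS17-010 is installed. The function names, status strings and `SAMPLE_REPLY` are assumptions made for this example.

```python
import socket
import struct

DIALECT = b"\x02NT LM 0.12\x00"  # only SMB1 is offered, so SMB2-only hosts refuse

def build_smb1_negotiate() -> bytes:
    """Return a NetBIOS-framed SMB1 NEGOTIATE request offering only NT LM 0.12."""
    header = struct.pack(
        "<4sBIBHH8sHHHHH",
        b"\xffSMB", 0x72,      # protocol magic, SMB_COM_NEGOTIATE
        0, 0x18, 0xC001,       # status, flags, flags2
        0, b"\x00" * 8, 0,     # PID high, signature, reserved
        0xFFFF, 0x0001, 0, 1,  # TID, PID, UID, MID
    )
    body = struct.pack("<BH", 0, len(DIALECT)) + DIALECT  # WordCount=0, ByteCount
    smb = header + body
    return struct.pack(">I", len(smb)) + smb  # type byte 0x00 + 3-byte length

def accepts_smb1(response: bytes) -> bool:
    """True if the reply is an SMB1 NEGOTIATE response that selected our dialect."""
    if len(response) < 39 or response[4:8] != b"\xffSMB" or response[8] != 0x72:
        return False
    status, = struct.unpack_from("<I", response, 9)          # NT status field
    dialect_index, = struct.unpack_from("<H", response, 37)  # 0xFFFF = none accepted
    return status == 0 and response[36] > 0 and dialect_index != 0xFFFF

def check_host(host: str, port: int = 445, timeout: float = 3.0) -> str:
    """Classify one host from your own inventory by its answer to an SMB1 offer."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "port-445-unreachable"
    with sock:
        try:
            sock.sendall(build_smb1_negotiate())
            reply = sock.recv(1024)
        except OSError:
            reply = b""  # reset or timeout: the host did not answer in SMB1
    return "smbv1-enabled" if accepts_smb1(reply) else "smbv1-not-negotiated"

# Constructed sample: minimal SMB1 NEGOTIATE reply selecting dialect index 0.
SAMPLE_REPLY = struct.pack(">I", 35) + b"\xffSMB" + b"\x72" + b"\x00" * 27 + b"\x11\x00\x00"

if __name__ == "__main__":
    import sys
    print("constructed sample accepted:", accepts_smb1(SAMPLE_REPLY))
    for target in sys.argv[1:]:
        print(target, check_host(target))
```

Hosts reported as `smbv1-enabled` are the ones to prioritise for disabling SMBv1 and for confirming patch status.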

3 Replies

Re: EternalBlue: 1000s of machines still vulnerable

Hi https://community.checkpoint.com/people/kvars7afe82cf-43ef-4b52-9446-6ac8ba07ce69 do you think we can do a series of these explanations for all of the elements in EternalRocks?

0 Kudos

Re: EternalBlue: 1000s of machines still vulnerable

Hi https://community.checkpoint.com/people/eduma846337c8-57d0-40ab-aea0-4aa6da5cf474, yes, we can and should do a series of technical explanations of key cyber security incidents. Let me know if you have any such incident in mind.

0 Kudos

Re: EternalBlue: 1000s of machines still vulnerable

EternalRocks has 7 components. 1 used in WannaCry, one in NotPetya. Would love to see an explanation of each

-Evan

Sent securely while mobile

0 Kudos