What is EternalBlue?




EternalBlue is the name given to a software vulnerability in Microsoft's Windows operating system. The tech giant has called it EternalBlue MS17-010 and issued a security update for the flaw on March 14. The patch was issued before the WannaCry ransomware spread around the world and those who had updated early would have been protected.
The vulnerability lies in Microsoft Server Message Block 1.0 (SMBv1). SMB is a network file sharing protocol that "allows applications on a computer to read and write to files and to request services" that are on the same network.
Microsoft rates the security update it issued as Critical. Following WannaCry, it also released a rare patch for Windows XP, software it had officially stopped supporting in 2014.

Can I check if my machine is vulnerable?



Multiple versions of Windows are vulnerable to EternalBlue. "The severity ratings indicated for each affected software assume the potential maximum impact of the vulnerability," Microsoft says in a statement.
The company's security page details that versions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 and Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016 can all be impacted by the EternalBlue exploit.
Helpfully, security group Eset has created a free tool that will check to see if the version of Windows you are running is vulnerable to EternalBlue. "The danger is not in the WannaCry ransomware itself, but in the EternalBlue exploit, which has been using the vulnerability in unpatched Microsoft systems to spread the infection to other unpatched computers," the company explains.
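A complementary check administrators can run themselves, added here as an example and not taken from the original article, Microsoft or Eset: this read-only PowerShell script reports whether the SMB 1.0 server component is enabled on the local machine and lists the most recently installed updates for comparison against Microsoft's MS17-010 bulletin. The function name Get-Smb1ServerState is made up for this example, and the script assumes an elevated prompt. It does not itself confirm that the patch is installed.

```powershell
# Added example: read-only report on the SMB 1.0 server component. Changes nothing.
# Assumption: run from an elevated PowerShell prompt on the machine being checked.

function Get-Smb1ServerState {
    # Windows 8 / Server 2012 and later expose the setting through the SMB cmdlets.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $cfg = Get-SmbServerConfiguration
        return [pscustomobject]@{
            Source      = 'Get-SmbServerConfiguration'
            Smb1Enabled = [bool]$cfg.EnableSMB1Protocol
        }
    }

    # Windows Vista / 7 / Server 2008 / 2008 R2 keep the setting in the registry.
    # If the SMB1 value is absent the default applies, and the default is enabled.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    return [pscustomobject]@{
        Source      = 'Registry: LanmanServer\Parameters\SMB1'
        Smb1Enabled = ($null -eq $val) -or ($val -ne 0)
    }
}

$state = Get-Smb1ServerState
$os    = (Get-WmiObject -Class Win32_OperatingSystem).Caption

Write-Output "Operating system : $os"
Write-Output "Checked via      : $($state.Source)"

if ($state.Smb1Enabled) {
    Write-Output 'SMB 1.0 server   : ENABLED - confirm the MS17-010 update is installed'
} else {
    Write-Output 'SMB 1.0 server   : disabled'
}

# Most recent installed updates, newest first. Compare these against the update
# Microsoft's MS17-010 bulletin lists for this Windows version; later cumulative
# updates replace earlier ones, so the original update may not appear by name.
Get-HotFix |
    Sort-Object -Property InstalledOn -Descending |
    Select-Object -First 5 -Property HotFixID, Description, InstalledOn
```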

How do I protect against EternalBlue?



From what we have seen in both WannaCry and Petya, the MS17-010 vulnerability can be exploited in a number of ways. During WannaCry it was spread through emails, and with Petya it is believed, although not confirmed, to have spread through a software update from a Ukrainian company.
The best way to be protected from EternalBlue is to install the Microsoft patch detailed above. This will stop the SMB protocol being exploited even if attempts are made to do so.
Other basic security advice should be followed, including not clicking on links from unknown email senders and not opening attachments where the source is dubious.




Source : http://www.wired.co.uk/article/what-is-eternal-blue-exploit-vulnerability-patch
