Many Windows users had not installed the patches when, two months later on May 12, 2017, the WannaCry ransomware attack used the EternalBlue vulnerability to spread itself. On Tuesday, March 14, 2017, Microsoft issued security bulletin MS17-010, which detailed the flaw and announced that patches had been released for all Windows versions that were currently supported at that time, these being Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2012, and Windows Server 2016. The agency then warned Microsoft after learning about EternalBlue's possible theft, allowing the company to prepare a software patch issued in March 2017, after delaying its regular release of security patches in February 2017. The NSA did not alert Microsoft about the vulnerabilities, and held on to it for more than five years before the breach forced its hand.
The vulnerability exists because the SMB version 1 (SMBv1) server in various versions of Microsoft Windows mishandles specially crafted packets from remote attackers, allowing them to remotely execute code on the target computer. This vulnerability is denoted by entry CVE- 2017-0144 in the Common Vulnerabilities and Exposures (CVE) catalog. ĮternalBlue exploits a vulnerability in Microsoft's implementation of the Server Message Block (SMB) protocol. ĮternalBlue was among the several exploits used, in conjunction with the DoublePulsar backdoor implant tool. The exploit was also reported to have been used since March 2016 by the Chinese hacking group Buckeye (APT3), after they likely found and re-purposed the tool, : 1 as well as reported to have been used as part of the Retefe banking trojan since at least September 5, 2017.
: 1 On June 27, 2017, the exploit was again used to help carry out the 2017 NotPetya cyberattack on more unpatched computers. On May 12, 2017, the worldwide WannaCry ransomware used this exploit to attack unpatched computers. It was leaked by the Shadow Brokers hacker group on April 14, 2017, one month after Microsoft released patches for the vulnerability.
Windows 95, Windows 98, Windows Me, Windows NT, Windows 2000, Windows XP, Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 2003 Server, Windows 2003 Server R2, Windows Server 2012, Windows Server 2016ĮternalBlue is a computer exploit developed by the U.S.
Please help improve the article by providing more context for the reader. This article provides insufficient context for those unfamiliar with the subject.
0 kommentar(er)
