begin quote from:
EternalBlue exploit

EternalBlue

From Wikipedia, the free encyclopedia

EternalBlue, sometimes stylized as ETERNALBLUE,^[1] is an exploit generally believed to have been developed by the U.S. National Security Agency (NSA). It was leaked by the Shadow Brokers hacker group on 14 April 2017, and was used as part of the worldwide WannaCry ransomware attack on 12 May 2017.^[1]^[2]^[3]^[4]^[5]

Details

EternalBlue exploits a vulnerability in Microsoft's implementation of the Server Message Block (SMB) protocol. Despite the fact that the vulnerability was resolved by security update (MS17-010) provided by Microsoft on 14 March 2017, many Windows users had still not installed this security patch when, on 12 May 2017, the WannaCry attack used the vulnerability to spread itself.^[6]^[7]^[8]
Due to the seriousness of the WannaCry attack, on May 13, 2017 Microsoft took the highly unusual step of also providing a security update for Windows XP, Windows 8, and Windows Server 2003, despite these versions being past their support cycles. The extended support for Windows XP ended three years previously on April 8, 2014, whilst Windows Server 2003 support had ended on July 14, 2015.^[9]^[10] Windows XP, Windows 8, and Windows Server 2003 users can download the patch from the Microsoft Update Catalog.^[11]^[12] Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2012, and Windows Server 2016 were included in the normal security update in March,^[13] though extended support for Windows Vista ended on 11 April 2017.^[14]

References

"NSA-leaking Shadow Brokers just dumped its most damaging release yet". Retrieved 13 May 2017.

"Windows Vista Lifecycle Policy". Microsoft. Retrieved 13 May 2017.

External links

[hide] v t e Hacking in the 2010s

Timeline

Major incidents	Operation Aurora (2010) Australian cyberattacks (2010) Operation Payback (2010) HBGary Federal (2011) DigiNotar (2011) RSA SecurID compromise (2011) Operation Tunisia (2011) 2011 PlayStation Network outage (2011) Operation AntiSec (2011) Stratfor email leak (2012–13) LinkedIn hack (2012) South Korea cyberattack (2013) Snapchat hack (2013) Yahoo! data breaches (2013–16) Anthem medical data breach (2014–15) Operation Tovar (2014) iCloud leaks of celebrity photos (2014) Sony Pictures hack (2014) Russian hacker password theft (2014) Office of Personnel Management data breach (2015) Hacking Team (2015) Ashley Madison data breach (2015) VTech data breach (2015) SWIFT banking hack (2015–16) Bangladesh Bank heist (2016) Hollywood Presbyterian Medical Center ransomware incident (2016) Commission on Elections data breach (2016) Democratic National Committee cyber attacks (2016) DCCC cyber attacks (2016) Dyn cyberattack (2016) Russian interference in U.S. election (2016) WannaCry ransomware attack (2017)

Groups	Anonymous associated events Bureau 121 Cozy Bear CyberBerkut Derp Equation Group Fancy Bear GNAA Goatse Security Guccifer 2.0 Hacking Team Iranian Cyber Army Lizard Squad LulzRaft LulzSec New World Hackers NullCrew NSO Group PayPal 14 PLA Unit 61398 Pranknet RedHack Rocket Kitten The Shadow Brokers Syrian Electronic Army TeaMp0isoN Tailored Access Operations UGNazi Yemen Cyber Army

Individuals	George Hotz Guccifer Hector Monsegur Jeremy Hammond Junaid Hussain Kristoffer von Hassel Mustafa Al-Bassam MLT Ryan Ackroyd Topiary The Jester weev

Vulnerabilities discovered	Evercookie (2010) iSeeYou (2013) Heartbleed (2014) Shellshock (2014) POODLE (2014) Rootpipe (2014) Rowhammer (2014) JASBUG (2015) Stagefright (2015) DROWN (2016) Badlock (2016) Dirty COW (2016) Cloudbleed (2017) Broadcom Wi-Fi (2017) EternalBlue (2017) Silent Bob is Silent (2017)

Malware	Careto / The Mask CryptoLocker Dexter Duqu Duqu 2.0 FinFisher Flame Gameover ZeuS Mahdi Metulji botnet Mirai NSA ANT catalog Pegasus R2D2 Shamoon Stars virus Stuxnet Vault 7 WannaCry X-Agent

Categories:

Fox-Brewster, Thomas. "An NSA Cyber Weapon Might Be Behind A Massive Global Ransomware Outbreak". Forbes. Retrieved 13 May 2017.

"An NSA-derived ransomware worm is shutting down computers worldwide". Ars Technica. Retrieved 13 May 2017.

Ghosh, Agamoni (April 9, 2017). "'President Trump what the f**k are you doing' say Shadow Brokers and dump more NSA hacking tools". International Business Times UK. Retrieved April 10, 2017.

"'NSA malware' released by Shadow Brokers hacker group". BBC News. April 10, 2017. Retrieved April 10, 2017.

"Microsoft Security Bulletin MS17-010 – Critical". technet.microsoft.com. Retrieved 13 May 2017.

Newman, Lily Hay. "The Ransomware Meltdown Experts Warned About Is Here". Wired.com. Retrieved 13 May 2017.

"Wanna Decryptor: The NSA-derived ransomware worm shutting down computers worldwide". Ars Technica UK. Retrieved May 13, 2017.

"Microsoft Product Lifecycle Search: Windows XP". Microsoft Support. Microsoft. Retrieved May 14, 2017.

"Windows Server 2003 end of support". Microsoft. Archived from the original on May 14, 2017. Retrieved May 14, 2017.

Surur (13 May 2017). "Microsoft release Wannacrypt patch for unsupported Windows XP, Windows 8 and Windows Server 2003". Retrieved 13 May 2017.

MSRC Team. "Customer Guidance for WannaCrypt attacks". microsoft.com. Retrieved 13 May 2017.

Cimpanu, Catalin (13 May 2017). "Microsoft Releases Patch for Older Windows Versions to Protect Against Wana Decrypt0r". Bleeping Computer. Retrieved 13 May 2017.

Intuitive fred888

Top 10 Posts This Month

Monday, May 15, 2017

EternalBlue exploit regarding wanna cry ransomware

EternalBlue

Details

References

External links

Navigation menu

Search

Interaction

Tools

Print/export

Languages

No comments: