Monday, May 15, 2017

EternalBlue exploit regarding wanna cry ransomware

begin quote from:
EternalBlue exploit


From Wikipedia, the free encyclopedia
EternalBlue, sometimes stylized as ETERNALBLUE,[1] is an exploit generally believed to have been developed by the U.S. National Security Agency (NSA). It was leaked by the Shadow Brokers hacker group on 14 April 2017, and was used as part of the worldwide WannaCry ransomware attack on 12 May 2017.[1][2][3][4][5]


EternalBlue exploits a vulnerability in Microsoft's implementation of the Server Message Block (SMB) protocol. Despite the fact that the vulnerability was resolved by security update (MS17-010) provided by Microsoft on 14 March 2017, many Windows users had still not installed this security patch when, on 12 May 2017, the WannaCry attack used the vulnerability to spread itself.[6][7][8]
Due to the seriousness of the WannaCry attack, on May 13, 2017 Microsoft took the highly unusual step of also providing a security update for Windows XP, Windows 8, and Windows Server 2003, despite these versions being past their support cycles. The extended support for Windows XP ended three years previously on April 8, 2014, whilst Windows Server 2003 support had ended on July 14, 2015.[9][10] Windows XP, Windows 8, and Windows Server 2003 users can download the patch from the Microsoft Update Catalog.[11][12] Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2012, and Windows Server 2016 were included in the normal security update in March,[13] though extended support for Windows Vista ended on 11 April 2017.[14]


  • "NSA-leaking Shadow Brokers just dumped its most damaging release yet". Retrieved 13 May 2017.
    1. "Windows Vista Lifecycle Policy". Microsoft. Retrieved 13 May 2017.

    External links

    Navigation menu

  • Fox-Brewster, Thomas. "An NSA Cyber Weapon Might Be Behind A Massive Global Ransomware Outbreak". Forbes. Retrieved 13 May 2017.
  • "An NSA-derived ransomware worm is shutting down computers worldwide". Ars Technica. Retrieved 13 May 2017.
  • Ghosh, Agamoni (April 9, 2017). "'President Trump what the f**k are you doing' say Shadow Brokers and dump more NSA hacking tools". International Business Times UK. Retrieved April 10, 2017.
  • "'NSA malware' released by Shadow Brokers hacker group". BBC News. April 10, 2017. Retrieved April 10, 2017.
  • "Microsoft Security Bulletin MS17-010 – Critical". Retrieved 13 May 2017.
  • Newman, Lily Hay. "The Ransomware Meltdown Experts Warned About Is Here". Retrieved 13 May 2017.
  • "Wanna Decryptor: The NSA-derived ransomware worm shutting down computers worldwide". Ars Technica UK. Retrieved May 13, 2017.
  • "Microsoft Product Lifecycle Search: Windows XP". Microsoft Support. Microsoft. Retrieved May 14, 2017.
  • "Windows Server 2003 end of support". Microsoft. Archived from the original on May 14, 2017. Retrieved May 14, 2017.
  • Surur (13 May 2017). "Microsoft release Wannacrypt patch for unsupported Windows XP, Windows 8 and Windows Server 2003". Retrieved 13 May 2017.
  • MSRC Team. "Customer Guidance for WannaCrypt attacks". Retrieved 13 May 2017.
  • Cimpanu, Catalin (13 May 2017). "Microsoft Releases Patch for Older Windows Versions to Protect Against Wana Decrypt0r". Bleeping Computer. Retrieved 13 May 2017.


    No comments: