What is "Eternal Blue"
Eternal blue is an exploit developed by US NSA (Actually according to testimony by ex NSA employees). Eternal Blue is exploiting a vulnerability in Microsoft SMB protocol (CVE-2017-0144). This exploit was leaked by the Shadow Brokers hacker group on April 2017 and it was used as part of an attack (WannaCry Ransomware) across the world on May 2017.
There are some new version and similar attacks all over the world that they are using the same vulnerability to exploit users and organizations. Microsoft immediately release a security update for all available operating systems including Windows XP and Server 2003 to protect their users against this infamous ransomware (MS17-010).
Why should we install MS17-010?
Microsoft has released this critical updates to protect it's users against Eternal Blue vulnerability. As we investigate, there are many organizations who they haven't installed these security updates on their servers and workstations and they have the most potentials to be attacked by Ransomwares or Crypto mining tools. You might protect your organization by an Anti-Malware solution or some other security solutions, but since you have an UNPATCHED vulnerability, the attackers can bypass all of your security solutions. So, be careful and install the security patches ASAP.
What includes in MS17-010?
Here is the list of updates needs to be installed on your operating systems or you may wanted to enable installation of these updates on your Patch Management solution.
- Windows XP: KB4012598
- Windows Vista: KB4012598
- Windows 7: KB4012212, KB4012215, KB4019264, KB4015549
- Windows 8: KB4012598
- Windows 8.1: KB4012213, KB4012216, KB4015550, KB4019215
- Windows 10: KB4012606, KB4015221, KB4016637, KB4019474
- Windows 10 Build 1511: KB4013198, KB4015219, KB4016636, KB4019473, KB4016871
- Windows 10 Build 1607: KB4013429, KB4015217, KB4015438, KB4016635, KB4019472, KB4079472
- Server 2003: KB4012598
- Server 2008: KB4012598, KB4012212
- Server 2008 R2: KB4012212, KB4012215, KB4019264
- Server 2012: KB4012214, KB4012217, KB4019216, KB4012220, KB4015551, KB4015554
- Server 2012 R2: KB4012213, KB4012216, KB4015550, KB4019215
- Server 2016: KB4013429, KB4015217, KB4015438, KB4016635, KB4019472, KB4079472
How to check these updates installed on a PC or Server?
You can easily download "Eternal Blue Hotfix Checker Tool" to check if your required updates are installed on your system or not.
As you can in the above screenshot, You can see what updates needs to be installed on a your system and this tool will guide you to know where is the download link.
If you have any questions regarding this article, Don't hesitate to contact me through comments, email, social media, ...