{"id":4146,"date":"2025-03-14T20:46:05","date_gmt":"2025-03-15T04:46:05","guid":{"rendered":"https:\/\/www.antivirusaz.com\/faq\/?post_type=ht_kb&p=4146"},"modified":"2025-04-07T10:50:49","modified_gmt":"2025-04-07T18:50:49","slug":"what-is-eternalblue-exploit","status":"publish","type":"ht_kb","link":"https:\/\/www.antivirusaz.com\/faq\/art\/what-is-eternalblue-exploit\/","title":{"rendered":"What is EternalBlue exploit?"},"content":{"rendered":"

EternalBlue<\/strong> is a software exploit that targets a vulnerability in Microsoft\u2019s Server Message Block (SMB) protocol. It allows an attacker to remotely execute code on unpatched Windows systems. EternalBlue was developed by the U.S. National Security Agency (NSA) and leaked by a hacking group known as the Shadow Brokers in 2017.<\/p>\n

How does EternalBlue work?<\/strong>
\nEternalBlue exploits a flaw in SMBv1. When a vulnerable system receives specially crafted packets, it allows remote attackers to execute arbitrary code. This can lead to full system compromise without user interaction.<\/p>\n

Which systems are vulnerable to EternalBlue?<\/strong>
\nWindows operating systems that had SMBv1 enabled and were not patched against the MS17-010 vulnerability<\/a> are susceptible. This includes versions from Windows XP to Windows Server 2012.<\/p>\n

Why is EternalBlue significant?<\/strong>
\nEternalBlue became widely known after it was used in major ransomware<\/a> and malware attacks, such as WannaCry<\/a> and NotPetya<\/a>. These attacks caused massive global damage by spreading rapidly and encrypting or destroying data.<\/p>\n

What was the impact of attacks using EternalBlue?<\/strong>
\nWannaCry infected over 200,000 computers in 150 countries, disrupting hospitals, businesses, and government systems. NotPetya caused billions in damages, particularly in Ukraine and among multinational companies.<\/p>\n

How can EternalBlue be prevented?<\/strong><\/p>\n