MS17-010

Vulnerability updated 6 hours ago (2024-11-21T11:30:55.321Z)
MS17-010, also known as "EternalBlue," "EternalSynergy," or "EternalRomance," is a significant vulnerability in Microsoft's Server Message Block 1.0 (SMBv1) protocol that allows remote code execution. Microsoft first addressed it with security bulletin MS17-010, released on March 14, 2017, which provided a patch for the vulnerability. Affected operating systems include Windows XP with Service Pack 2 and 3, Windows 7 64-bit with Service Pack 1, and Windows Server 2008 with Service Pack 1.

The WannaCry malware, also known as WCry or WanaCryptor, exploited this vulnerability to propagate like a worm, spreading through internal networks and over the public internet via MS17-010 in the SMB protocol. The primary infection vector in testing scenarios was a Windows 2008 Server with Service Pack 1, where the WannaCry binary was manually executed on the host. During exploitation, the malware executes its service function, registers the service handlers, and attempts to exploit MS17-010 against the SMB services it identifies. When a connection to an IP address on port 445 succeeds, the malware tries to exploit that service through the vulnerability described in MS17-010.

Although Microsoft has patched the flaw, it remains relevant because of its potential for widespread damage and the continued presence of unpatched systems.
Description last updated: 2024-11-21T10:46:45.659Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
EternalBlue is a possible alias for MS17-010. EternalBlue is a software vulnerability, specifically a flaw in the design or implementation of Microsoft's Server Message Block (SMB) protocol. This vulnerability, officially known as CVE-2017-0144, allows for the execution of arbitrary code on affected systems. It became publicly known after a gro | 6
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Windows
Exploit
Vulnerability
Worm
Remote Code ...
Ransomware
Exploits
Associated Malware
Alias Description | Association Type | Votes
The WannaCry Malware is associated with MS17-010. WannaCry is a type of malware, specifically ransomware, that made headlines in 2017 as one of the most devastating cyberattacks in recent history. The WannaCry ransomware exploited vulnerabilities in Windows' Server Message Block protocol (SMBv1), specifically CVE-2017-0144, CVE-2017-0145, and CVE-2 | Unspecified | 4