Microsoft EternalBlue - Remote Code Execution (MS17-010 - CVE-2017-0144) (CVE-2017-0144)

Severity
CVSSv3 Score: 8.1
CVE: CVE-2017-0144

Vulnerability description

Microsoft Server Message Block 1.0 (SMBv1) is affected by a Remote Code Execution. The root cause of this vulnerability is the improper packet handling of the SMBv1 traffic.

Risk description

The risk exists that a remote unauthenticated attacker could execute arbitrary code via specially crafted SMBv1 requests and thus can compromise the target system.

Exploit capabilities

Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.

Recommendation

Appy the latest updates for your Windows version.

References

https://nvd.nist.gov/vuln/detail/cve-2017-0144

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2017-0144

Codename

EternalBlue

Detectable with: Network Scanner
Exploitable with Sniper: Yes
Vuln date: Mar 2017
Published at: Mar 2022
Updated at: Mar 2022
Software Type: Operating System
Vendor: Microsoft
Product: Windows