Windows 10 is still vulnerable to EternalBlue, the stolen NSA exploit

Costea Lestoc By: Costea Lestoc
2 minute read
windows 10 eternalblue exploit

Home » News » Windows 10 is still vulnerable to EternalBlue, the stolen NSA exploit

Security vendor ESET recently detailed the latest reports regarding Windows attacks. Researcher Ondrej Kubovič released a study about the EternalBlue exploit and its effects after one year. Long story short, the exploit became more popular even than during the WannaCry outbreak. There’s a worrying increase in the number of attacks that are based on the exploit.

And as ESET’s telemetry data shows, its popularity has been growing over the past few months, and a recent spike even surpassed the greatest peaks from 2017,” explains the researcher.

EternalBlue exploit is stronger than ever

The exploit was stolen from the NSA by the hacker group called Shadow Brokers back in April 2916 and it benefits from a vulnerability that was found in the Windows Server Message Block (SMB) protocol. Microsoft rolled out the patches even before the vulnerability became public.

Unfortunately, attackers are still looking for targets, and according to ESET’s researcher, cybercriminals are scanning the Internet for exposed SMB ports, and they’re trying to compromise hosts with an exploit that allows for payloads to be sent on the target machine.

One possible explanation for the latest peak is the Satan ransomware campaign seen around those dates, but it could be connected to other malicious activities as well. […] The exploit has also been identified as one of the spreading mechanisms for malicious cryptominers. More recently, it was deployed to distribute the Satan ransomware campaign, described only a few days after ESET’s telemetry detected the mid-April 2018 EternalBlue peak.


In case you want to be secure while surfing the internet, you will need to get a full-dedicated tool to secure your network.  Install now Cyberghost VPN and secure yourself. It protects your PC from attacks while browsing, masks your IP address and blocks all unwanted access.


Microsoft has already made security fixes available

The patches to fix this vulnerability are already available, and this means that attackers can only hack systems that don’t have them installed. They were released by Microsoft back in March 2017, and updated computers should already be protected.

Also, ESET notes that “the infiltration method used by EternalBlue is not successful on devices protected by ESET. One of the multiple protection layers – ESET’s Network Attack Protection module – blocks this threat at the point of entry.”

The increasing number of attacks suggests that there are still a lot of systems that don’t have the patches installed which raises a lot of concern.

RELATED STORIES TO CHECK OUT:

Discussions

Next up

Download Windows 10 KB4491101 to fix OS stability issues

Rabia Noureen avatar. By: Rabia Noureen
2 minute read

Microsoft just released cumulative update KB4491101 for those who are running Windows 10 V1507 (RTM version). The update is just restricted to the users of Windows 10 […]

Continue Reading

This version of Office has been deprovisioned [FIXED]

Rabia Noureen avatar. By: Rabia Noureen
4 minute read

It is certainly annoying to face issues in your system when you have to finish off the most important task that has been assigned by […]

Continue Reading

Windows 10 v1809 KB4482887 lands next Tuesday

Irfa Batool avatar. By: Irfa Batool
2 minute read

Microsoft is planning to rollout Cumulative Update KB4482887 for Windows 10 version 1809 next week. For the time being, the update is available only for Preview […]

Continue Reading