Stopping EternalBlue: Can the next Windows 10 update help?

The upcoming Windows update, Redstone 3, will patch the vulnerability that enables EternalBlue exploits. Expert Judith Myerson discusses protection methods to use until the update.

I use Windows 10 for business purposes, and the NSA's EternalBlue exploit has been ported to the OS. What can users do to prevent EternalBlue from affecting Windows 10?

In September 2017, Microsoft will release the Windows 10 Redstone 3 update, and Server Message Block version 1 (SMBv1) will be officially kicked out. EternalBlue will be prevented from exploiting a vulnerability (CVE-2017-0144), and all files in Windows 10 and Office 365 will be protected from malicious remote execution.

Many Windows users didn't install patches for previous Windows versions that are currently supported by Microsoft. They became victims of the WannaCry ransomware that made use of EternalBlue. Impacted files were shared between Windows clients and servers through the vulnerable protocol.

Researchers at RiskSense showed how EternalBlue could help an attacker launch a remote execution attack. They used its DoublePulsar backdoor payload and the NSA's Fuzzbunch platform, which is similar to Metasploit, to port the EternalBlue exploit to Windows 10 x64 version 1511, codenamed Redstone 2.

While organizations wait for Redstone 3's release, they can apply the guidance in Microsoft Security Bulletin MS17-010. SMBv1 can easily be disabled by clearing the SMB 1.0/CIFS File Sharing Support checkbox in the Control Panel in Windows 8.1 or later. Organizations can use similar methods for Windows Server 2012 R2 and later.

Redstone 3 will save organizations the headache of making laborious manual changes in the thousands of Windows PCs and servers they oversee domestically or internationally.

The SMBv2 protocol was introduced in Windows Vista and Windows Server 2008. The SMBv3 protocol was introduced in Windows 8 and Windows Server 2012. All three SMB versions are also available in non-Microsoft operating systems, which lets those systems connect with Windows 10.

Microsoft doesn't recommend disabling SMBv2 or SMBv3 for Windows client and server operating systems. Disabling SMBv3 will deactivate encryption that provides protection from eavesdropping on untrustworthy networks. Organizations should proceed with caution when disabling either protocol as a temporary troubleshooting measure.
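The checkbox change described above can also be scripted, which helps when many machines need the same setting. The following PowerShell is an added example, not part of the original article: it reports the local SMBv1 state, warns if SMBv2/SMBv3 has been turned off, and disables SMBv1 only when the `-Remediate` switch (a name chosen for this example) is passed.

```powershell
# Added example: audit SMBv1 on the local machine; change nothing unless -Remediate is given.
# Assumes an elevated PowerShell session on Windows 8.1 / Windows Server 2012 R2 or later.
[CmdletBinding()]
param([switch]$Remediate)   # hypothetical switch name used by this example only

# Server side: which SMB dialects this machine accepts from clients.
$server = Get-SmbServerConfiguration

# Optional feature behind the "SMB 1.0/CIFS File Sharing Support" checkbox.
# It may be absent on some builds, so a lookup failure is tolerated.
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue

# One object per machine, easy to collect into a CSV when run across a fleet.
[pscustomobject]@{
    Computer          = $env:COMPUTERNAME
    Smb1ServerEnabled = $server.EnableSMB1Protocol
    Smb2ServerEnabled = $server.EnableSMB2Protocol   # this one setting covers SMBv2 and SMBv3
    EncryptData       = $server.EncryptData          # SMBv3 encryption for all shares
    Smb1FeatureState  = if ($feature) { $feature.State } else { 'NotPresent' }
}

# The article's caveat: SMBv2/SMBv3 should stay enabled.
if (-not $server.EnableSMB2Protocol) {
    Write-Warning 'SMBv2/SMBv3 is disabled on this machine; leave it enabled when removing SMBv1.'
}

if ($Remediate) {
    # Stop the SMB server from negotiating SMBv1 (takes effect without a reboot).
    if ($server.EnableSMB1Protocol) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    # Remove the optional feature, the scripted equivalent of clearing the checkbox.
    if ($feature -and $feature.State -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
        Write-Warning 'SMB1Protocol feature removal completes after a restart.'
    }
}
```

Run it without `-Remediate` first to find systems that still depend on SMBv1 before changing anything.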

This was last published in August 2017

Join the conversation

1 comment

Where is the date of the article?