漏洞类别:Windows
漏洞等级: 
漏洞信息
ETERNALBLUE is an exploit from the recent Shadow Brokers leak. This zero day exploit is remotely exploitable on systems running SMBv1 and NBT.
This information comes from the Shadow Brokers' "Equation Group" data dump.
This Zero Day is actively being exploited with the "ETERNALBLUE" exploit.
Affected Microsoft Operating Systems:
Windows XP - End of life since April 8, 2014
Windows 2003 - End of life since April 11, 2017
Windows Vista - End of life since July 14, 2015
Windows 7
Windows 8
Windows 8.1
Windows RT 8.1
Windows 2008
Windows 2008 R2
Windows 2012
Windows 2012 R2
漏洞危害
The tool "ETERNALBLUE" is being actively used to exploit SMBv1 and NBT vulnerabilities.
Successful exploitation allows an unauthenticated, remote attacker to execute arbitrary code on a targeted server.
解决方案
There are no vendor supplied patches.
Microsoft recommends users to update to latest SMB version and stop using SMBv1.
Please refer to the Microsoft KB article KB2696547 for more details.
The following affected operating systems are End of Life and Microsoft provides no support.
Windows XP - End of life since April 8, 2014
Windows Vista - End of life since April 11, 2017
Windows 2003 - End of life since July 14, 2015
Workaround:
Blocking SMB traffic at the Firewall can reduce the attack vector.
Refer to KB3185535 for more information.
0day
文章评论