Wednesday, July 26, 2017

Eternal Blues - SMBv1

Newspapers, TV, Radio and Internet have been full of reports about ransomware attacks WannaCry, NotPetya and so on. This short article is not going to repeat those reports but to acknowledge that there is a new FREE tool "Eternal Blues" that helps businesses and consumers to find out, at the push of a button and scan of the network, whether the access point Server Message Block (SMB) version 1 (SMBv1) to determine the enabled state of the host; thus might be vulnerable to attack. Knowing this it enables businesses and consumers to take action to close down a potential threat. As Elad Erez confirmed to trewmte blogspot:
"Please note that having the SMBv1 in use, does not mean a host is vulnerable. SMBv1 was patched by Microsoft 4 months ago. So, the tool helps you find if hosts are in one of these states:
- SMBv1 enabled, but patch not applied, therefore host is vulnerable (the riskiest scenario)
- SMBv1 enabled and patch applied, therefore host is not vulnerable (but it is still risky to keep SMBv1 enabled, even according to Microsoft)." 
To get a brief insight to SMBv1, here is the link to Microsoft's website discussing how to disable it:
To find out about Eternal Blues visit website:
To get this FREE tool go to Download webpage:
When running this discovery tool consumers can see an IP Address range. A really easy to follow and understandable advice can be found here: " - Private Network IP Address Notation"
For businesses with different IP Address ranges check out, as a starting point, FAQs webpage here:
Good luck, stay safe!

Big shout out for Elad Erez (Eternal Blues) for creating this FREE tool.

No comments: