It is to be hoped that after the WannaCry and NotPetya outbreaks, companies will finally make sure to install – on all their systems – the Windows update that patches SMB vulnerabilities leveraged by the EternalBlue and EternalRomance exploits.
These exploits are currently available to practically any hacker who might want to use them, and protecting systems against them should be a must for every organization.
But while bigger ones might have an IT department that will make sure to locate these systems and fix the problem, small organizations and mom-and-pop style businesses might not know where to start.
Are you vulnerable?
Here is where Eternal Blues, a free, one-click, easy-to-use EternalBlue vulnerability scanner can come in handy.
Developed as a private project by Elad Erez, Director of Innovation at Imperva, Eternal Blues will only tell users if one of their computer is vulnerable – they will have to implement the needed security update themselves. The tool does NOT exploit the vulnerability, so it can’t be used for mounting attacks.
“The motivation [for creating this tool] came right away after latest WannaCry massive propagation through SMBv1. It shocked me how many systems were exposed to this,” Erez told Help Net Security.
After the NotPetya attack, during which attackers only needed to compromise one vulnerable endpoint to disrupt the entire network, it was clear to him that this tool had a lot of value, so he made it available for download.
The tool is mainly aimed at those who don’t have a security/IT team and/or don’t know how to check if they are exposed to the next attack leveraging those exploits.
But he also thinks that system administrators might find it useful. “I bet there will always be a few endpoints that are not monitored by IT, leaving them exposed to this vulnerability,” he noted.
In fact, he says that he has tested the tool on real networks, and that it found a few vulnerable computers on most of them. Still, he notes that this is a “no-guarantees-use-at-your-own-risk tool.”