Contact Us Today 01642 716680


Definition: EternalBlue is the name given to a cybersecurity exploit that targets vulnerabilities in Microsoft's implementation of the Server Message Block (SMB) protocol. It was believed to have been developed by the U.S. National Security Agency (NSA) and was leaked by the hacker group known as The Shadow Brokers in April 2017.

EternalBlue is notorious for its role in several extensive cyber attacks, most famously during the WannaCry ransomware outbreak in May 2017, and subsequently in the NotPetya attack. The exploit allows unauthorized remote execution of commands by sending specially crafted packets over the network to a target vulnerable SMB server. It can enable attackers to spread malware across networks rapidly without user interaction, which is partly why the attacks leveraging EternalBlue were able to proliferate so quickly and widely.

Following the leak of EternalBlue, Microsoft released a security patch to address the underlying vulnerability. However, the existence of unpatched systems and the exploit’s potent capabilities cemented its status as a significant threat. EternalBlue emphasised the importance of robust patch management policies and the risks of stockpiling cyber weapons.

Key Characteristics:

  • Remote Code Execution: Enables the execution of arbitrary code on the target system.
  • Exploiting SMB Protocol: Targets older Windows systems with a specific vulnerability in SMB.
  • Led to Major Cyber Attacks: Notably used in the spread of the WannaCry ransomware.
  • Highlights Importance of Patching: Demonstrated the risk of not quickly applying security updates to known vulnerabilities.


  • Real-World Example: EternalBlue was used in the WannaCry ransomware attack to rapidly infect unpatched Windows computers across multiple countries and industries.
  • Hypothetical Scenario: An attacker scans the internet for machines that still have the SMB vulnerability unpatched. Upon finding a vulnerable server, they use EternalBlue to gain access and install malware.

Related Terms:

  • Exploit: A method taking advantage of a vulnerability in software to perform unauthorised actions.
  • Ransomware: Malicious software that encrypts a victim’s files and demands payment for the decryption keys.
  • WannaCry: A global ransomware campaign in 2017 that used EternalBlue to infect systems.

What is the OWASP Top 10: Download our flash cards to find out.

Inside you will find a description of the most common web vulnerabilities.

Contact us

Get a free, no obligation quote from one of our expert staff.