"Eternal Blues is a free EternalBlue vulnerability scanner. It helps finding the blind spots in your network, these endpoints that are still vulnerable to EternalBlue..." http://omerez.com/eternalblues/
Ran the scanner on XP Pro SP3 after the MS patch installed and rebooted and it still says it is vulnerable.
The developer reports that the thing is giving false positives. Look at the bottom of the utility webpage. Does it even support XP ?
xp sp3 here patch not applied, shows port 203 vulnerable. edit: shows 203 something vulnerable, not sure if that means a port. Several other scanners show all ports closed.
It doesn't support XP but with your latest patch, your SMB vulnerability should be addressed. Home users shouldn't worry about it since they never run SMB. Corporate and institutional users are more susceptible.
There is some old hardware like printers and wifi speakers that use SMBv1. However, if the system is behind a NAT router, SMBv1 enabled does not present a high risk. It's the client-server configuration that is the real killer - and as you state, very few home user systems are configured as such. This whole SMB thing is blown way out of proportion by those that lack understanding.
For those asking themselvers "How do I know I'm actually behind a NAT router"? http://ask-leo.com/how_do_i_know_if_im_behind_a_nat_router.html
I have a Zyxel modem/router so I'm behind a NAT router. If you have a secured network, SMBv1 enabled isn't a high risk. A broadband modem also doubles as a router and typically displays a connection as 192.168.0.1 - as mine does. That means one is behind a hardware firewall and what is displayed is the local protocol that connects to the Internet - NAT means Network Address Translation.
Eset has a scanner to verify if EternalBlue patch has been installed: https://help.eset.com/eset_tools/ESETEternalBlueChecker.exe
Thanks. I got srv2.sys instead of srv.sys which this utility is looking for. This legend is what I get when executing ESETEternalBlueChecker.exe: Code: ESET CVE-2017-0144 vulnerability checker Copyright 1992-2017 ESET spol. s r.o. Checking your system for CVE-2017-0144 vulnerability. Failed to get version of 'C:\Windows\system32\Drivers\srv.sys'. We are unable to tell if your computer is vulnerable. Press any key to close this application ...
Yes I did. Wonder what the tool's output is when SMBv1 is installed though. On a patched and non-patched system.
Here is another Eternal Blue vulnerability scanner by Eset. https://www.eset.com/us/about/newsr...y-checker-to-help-combat-wannacry-ransomware/ http://support.eset.com/kb6481/?viewlocale=en_US
It seems to me the same tool posted by @itman above. Post #15. However, it's a good thing to have another post with links pointing to. Thanks @Cutting_Edgetech
