CVE-2017-0144 Vulnerability: Analysis, EternalBlue, and Prevention

Verified

Added on 2023/06/07

AI Summary

This report examines the CVE-2017-0144 vulnerability, a flaw within Microsoft's Server Message Block 1.0 (SMBv1) protocol, which is notably exploited by the EternalBlue exploit and various ransomware attacks. The report details how attackers leverage this vulnerability to execute arbitrary code on target systems, potentially compromising entire networks. It further outlines proactive measures, including applying the MS17-010 patch, updating anti-malware software, and implementing security awareness training, to mitigate the risk of such attacks. The analysis concludes that addressing CVE-2017-0144 through diligent patching and heightened security protocols is essential for safeguarding systems against exploitation.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: CVE-2017-0144 VULNERABILITY
CVE-2017-0144 Vulnerability
Name of the Student
Name of the University
Author note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1
CVE-2017-0144 VULNERABILITY
This paper highlights the reasons behind the occurrence of CVE-2017-0144
vulnerability in the Common Vulnerability and Exposure (CVE) catalogue. The following
paragraphs describe the role of CVE-2017-0144 in the EternalBlue exploit. The measures that
can be taken to prevent these attacks in the future are also described in the following
paragraphs.
Common Vulnerability and Exposure is a catalogue of several known security threats
that are divided into two categories- vulnerability and exposure. The vulnerability is any
mistake in the software code that allows an attacker to access the entire system or network
directly. However, exposure means indirect access to the system in case of any mistake in the
code. CVE-2017-0144 is vulnerability in the Microsoft Server Message Block 1.0 (SMBv1)
that is used by the ransom wares to infect systems or networks (Almukaynizi et al. 2017). It
exploits the vulnerability of Server Message Block (SMB) that affects the Microsoft
Windows System. The malicious code or software attempts to exploit the Server Message
Block vulnerability when it is introduced into the Microsoft Window System. The file on the
hard drive of the system is encrypted by a malicious software and it becomes inaccessible to
the authorised user of the system. These ransom wares are spread through malicious
attachments or other infected systems in the same Local Area Network (LAN).
EternalBlue is a term that describes the software vulnerability in the Operating
System of Microsoft. The EternaBlue vulnerability is performed by exploiting the Server
Message Block (SMB) of Microsoft version 1. SMB is a protocol for network file sharing
that makes applications on the same network capable of reading and writing to the data or
files on a computer. The EternalBlue vulnerability is denoted by CVE-2017-0144 in the
catalogue of Common Vulnerability and Exposure. It occurs when the specially crafted codes
or packets by the remote attackers are mishandled by the SMBv1 in the different versions of
Microsoft Windows, as it allows the attackers to run arbitrary codes on the target systems or

2
CVE-2017-0144 VULNERABILITY
computers (Chaurasia 2018). The entire data or files of the systems that are connected to the
same server can be accessed by unauthorised users if the hackers send the specially designed
code to a Microsoft Server Message Block.
There are several measures that can be taken to reduce or eliminate the attacks in the
future. The impact of latent vulnerabilities can be reduced if the internal vulnerability
assessments are conducted to identify Microsoft Windows computer systems that are not
patched with MS17-010 and this patch is applied on the affected systems. The users are
required to update anti-malware software or endpoint protection tools to detect and remove
ransom wares. The organisations are required to conduct security awareness plans and give
them training about ransomware attacks. The users should not open attachments or links from
unknown or suspected sources.
It can be concluded from the above discussion that the CVE-2017-0144 is the
vulnerability in the Microsoft Server Message Block 1.0 (SMBv1) that is used by the hackers
to infect the target systems or computers. It can be reduced or eliminated by patching the
systems with MS17-010.

3
CVE-2017-0144 VULNERABILITY
References:
Almukaynizi, M., Grimm, A., Nunes, E., Shakarian, J. and Shakarian, P., 2017. Predicting
cyber threats through the dynamics of user connectivity in darkweb and deepweb
forums. ACM Computational Social Science. ACM.
Chaurasia, R., 2018. Ransomware: The Cyber Extortionist. In Handbook of Research on
Information and Cyber Security in the Fourth Industrial Revolution (pp. 64-111). IGI Global.