UNRAVELING ETERNALBLUE: INSIDE THE WANNACRY’S ENABLER

From securityaffairs.com

EternalBlue is a Windows exploit created by the US National Security Agency (NSA) and used in the 2017 WannaCry ransomware attack.

EternalBlue exploits a vulnerability in the Microsoft implementation of the Server Message Block (SMB) Protocol. The exploit dupes a Windows machine that has not been patched against the vulnerability into allowing illegitimate data packets into the legitimate network. These data packets can contain malware such as a trojan, ransomware, or a similarly dangerous program.

The SMB Protocol is a standard system that creates a connection between client and server by sending requests and responses. When printing a document, a person may use their computer, the client, to send a request to a colleague’s computer, the server, to print the document. The client and server communicate over the SMB Protocol.

The NSA did not alert Microsoft about EternalBlue’s existence for a period of five years, until a breach of the NSA compelled the agency to do so. Microsoft blames the agency for EternalBlue’s existence and its fallout, even though EternalBlue is based on what was then a Windows vulnerability. The NSA has declined to speak in detail about the hack or EternalBlue.
