CVE-2017-0145 is a remote code execution vulnerability in the SMBv1 server implementation in multiple Microsoft Windows versions, including Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold/1511/1607, and Windows Server 2016. The flaw allows a remote, unauthenticated attacker to send crafted SMB packets to a vulnerable SMBv1 server and trigger arbitrary code execution. Microsoft identifies it as the "Windows SMB Remote Code Execution Vulnerability." The provided content also associates this issue with the broader set of SMBv1 flaws weaponized in WannaCry and Petya campaigns.
Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.
What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.
What an attacker gets, and what they’ve been doing with it.
If you can’t patch tonight, do this now.
Patch, then assume compromise.
1 valid exploit after Mallory filtered fakes, detection scripts, and README-only repos (3 hidden).
This repository is a small lab/demo project built around a Metasploit exploit module and a harmless ransomware-themed batch script. Because it is part of the Metasploit framework, the main exploit file is ms17_010_eternalblue.rb, a Ruby Metasploit module implementing the EternalBlue SMB exploit against vulnerable Microsoft Windows SMBv1 targets. The module is clearly a real exploit, not just a detector: it performs SMB protocol interaction over TCP/445, supports anonymous or credentialed SMB authentication, uses the auxiliary/scanner/smb/smb_ms17_010 check module, and is designed to achieve remote kernel memory corruption leading to arbitrary code execution. The module metadata indicates support for multiple Windows versions including Windows 7, Windows Embedded Standard 7, Server 2008 R2, Windows 8/8.1, Server 2012, and some Windows 10 Pro builds, and references the MS17-010 vulnerability set (CVE-2017-0143 through CVE-2017-0148). In practical use, the README demonstrates pairing it with a windows/x64/meterpreter/reverse_tcp payload to obtain a SYSTEM-level Meterpreter session. Repository structure is simple: README.md documents a university lab exercise, exploitation workflow, post-exploitation commands, and mitigation via KB4012212; ms17_010_eternalblue.rb is the actual exploit module; wannacry64.bat is a separate Windows batch file that only simulates a WannaCry-style ransom screen. The batch file contains no encryption, persistence, propagation, or destructive logic; it displays a countdown, fake progress bar, sample filenames, and a hardcoded Bitcoin address as part of the visual demo. Overall, the repository’s purpose is educational: demonstrate exploitation of MS17-010 in an isolated lab, show post-exploitation access, and then illustrate a safe ransomware-themed payload simulation plus patch-based mitigation.
Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.
Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
A Windows SMBv1 remote code execution vulnerability (part of the MS17-010 set) referenced as heavily exploited and associated with ransomware outbreaks.
A critical SMB vulnerability in Microsoft Windows (EternalBlue) exploited for remote code execution, widely used in ransomware and malware campaigns.
Query your assets running an affected version, and investigate the blast radius.
Every observed campaign linking this CVE to a named adversary.
Malware families riding this exploit, with evidence and IOCs.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Cross-references every affected SKU, including bundled OEM variants.
Community discussion across Reddit, Mastodon, and other social sources.