Don't Be Eternally Blue: How to Make Sure the Baltimore Hack Doesn't Happen to You

The malware WannaCry, BadRabbit, and NotPetya have caused over $1 billion in damages worldwide. The real trouble is that they all share one exploit in common: EternalBlue.

EternalBlue is responsible for some of the most severe cyber attacks in history, and has recently crippled the city of Baltimore. With all systems and files locked down, the city has only two choices: pay the ransom or start over.

Over the past three years, the EternalBlue flaw has been implicated in many attacks. Like WannaCry, EternalBlue leverages remote code execution - the ability to run custom, malicious code inside of your systems without the need to even touch the machine. More worrying, EternalBlue has “wormlike” traits, easily tunneling into your network and spreading itself across your Windows systems using the same exploit. When undetected and unpatched, EternalBlue can allow hackers to easily steal data or, in the case of Baltimore, pair with ransomware to demand payment for your files and systems.

Even worse, Microsoft already had a fix available for the EternalBlue flaw back in March of 2017. If systems aren’t patched by this point, it’s likely they never will be without your intervention. Do you know if all of your systems are up to date? If not, you also might find yourself stuck with the same dilemma as Baltimore, either paying a bribe or losing all of your data.

Your Plan of Attack? Patch Now!

The most effective way to keep your Windows systems secure against EternalBlue-based attacks is to get them up to date immediately. The latest Security Only and Rollup patches issued in May 2019 contain patches for this exploit and can help you avoid the costly situation that Baltimore is now in. Even if you deem your systems low risk, the exploit method for EternalBlue makes it a risk for every single Windows machine you manage.

Details on CVE-2017-0144 from March of 2017 can be found here, and after Baltimore’s exploit the message could not be more clear: Patch now!

Here are the questions you need to ask your IT and security teams to determine risk:

  • Do we have systems that are exposed to this exploit?
  • How do we know that we are not at risk?
  • Are all of our systems patched and up to date? Where can I see that?
  • Do we have a plan to review and apply critical patches quickly?
  • Do our legacy systems have the right configurations and software installed?

If you or your team are unable to answer any of these questions, Automox is here to help. Sign up for a 15-day free trial to start answering these questions today.

How do I patch EternalBlue on my devices with Automox?

If you’ve already updated and have Automox policies in place, you should be secure. If not, we can help.

Automox can keep you automatically patched even if you are using legacy systems with limited updates or support. Due to the limited support options available for systems older than Windows Server 2008 R2, Automox recommends that you set up a single Patch All or Patch Critical policy for these devices or look for opportunities to upgrade to Windows 10 or Windows Server 2019.

You can also find specific impacted systems from the Software page (if enabled).

Log in to the console and click on the ‘Software’ icon found in the left navigation pane. In the search box on the ‘Software’ page, simply type the number of any KB or software title and hit enter. You can also sort the list by severity level, Critical. If devices are impacted, you will see a list of all impacted devices and versions, as well as information on severity and the associated CVE.

Users on Windows XP and Vista will need to take extra steps to patch. Visit the Windows Update Catalog to manually install the package to any XP device.

Automox can help ensure your systems are adequately patched in a timely manner in order to protect your organization against any vulnerability. As a best practice, you should always ensure that you have at least one patch policy assigned to all of your devices for Critical, Medium, and Low severity patches. These updates are generally Security and Cumulative software updates. Automox is designed to automate your response to zero-day vulnerabilities like this and others across the Windows, MacOS, and Linux operating systems.

Current Automox customers can create policies that automatically handle the patching and execution of important updates for you every single month. Alternatively, you may contact our support team for any technical assistance at

About Automox

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-based and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-based patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.