Security researcher reveals 60k hosts still vulnerable to EternalBlue

Just two weeks after the EternalBlue exploit discovery, made famous by the WannaCry ransomware attack, Elad Erez, director of innovation at Imperva, has found that 60k hosts are still vulnerable to the exploit.


Elad developed Eternal Blues, a free EternalBlue vulnerability scanner which helps find the blind spots in your network, those endpoints that are still vulnerable to EternalBlue.

Upon analysing the statistics from the scanner, Elad was shocked to discover that there were tens of thousands of machines still vulnerable to the Microsoft Windows SMB Server vulnerabilities that made attacks like WannaCry and NotPetya possible. This SMBv1 protocol is enabled by default on all Windows machines and many aren’t even aware of it, or that it can be exploited.

Key results from the scanner include:

  • More than 8 million IPs were scanned. France taking the lead with 1.5 million
  • The top 3 vulnerable countries (out of ~130), had more than 30,000 vulnerable hosts altogether
  • The majority (53.82%) of hosts still have SMBv1 enabled
  • 1 out of 9 hosts in a network is vulnerable to EternalBlue
  • One network, with almost 10,000 hosts (not IPs), had 2 vulnerable hosts. How could anyone find that without Eternal Blues?

Elad’s scanner is extremely simple to use. By hitting the ‘scan’ button, it will immediately alert which computers are vulnerable and which aren’t.

You can read more about these worldwide statistics here.