Jump to content

Eternal Blue checker help?


Hydra
 Share

Recommended Posts

Failed to get version of 'C:\WINDOWS\system32\Drivers\srv.sys'.
We are unable to tell if your computer is vulnerable.
I get this message every time I use the eternal blue checker, how to check manually or fix this?

Link to comment
Share on other sites

On 11/20/2020 at 2:03 AM, Marcos said:

I'd suggest using Procmon to find out if tool gets access denied on the file. Did you run the tool as an administrator?

Yes I ran as admin but it continues to show, also what is Procmon, and how do I fix this?

Link to comment
Share on other sites

I can verify the tool no longer works on Win 10 20H2.

Believe the issue is the driver it is attempting to verify, C:\WINDOWS\system32\Drivers\srv.sys, no longer exists. In 20H2, it is named srv2.sys.

Guess tool needs to be updated in that if it can't find srv.sys, you also are not vulnerable to EternalBlue.

Link to comment
Share on other sites

8 hours ago, Hydra said:

So my pc is 20H2 right? Does that mean its patched?

Yes.

Here's a Microsoft article detailing Windows versions vulnerable to EternalBlue: https://support.microsoft.com/en-us/help/4023262/how-to-verify-that-ms17-010-is-installed

Also I realized why srv.sys no longer exists on my device. Windows will auto remove SMBv1 10 days after installation if it is not used. Additionally if srv.sys exists on later Win 10 installations, you are not vulnerable since this driver has been patched against this exploit.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...