EternalBlue

EternalBlue is computer exploit software developed by the U.S. National Security Agency (NSA). It is based on a vulnerability in Microsoft Windows, a zero-day at the time, that allowed an attacker to gain access to computers reachable over a network. The NSA was aware of this vulnerability but did not disclose it to Microsoft for several years, as it intended to use the exploit as part of its offensive cyber operations. In 2017, the NSA discovered that the software had been stolen by a group of hackers known as the Shadow Brokers. Microsoft was informed of this and released security updates in March 2017 patching the vulnerability. While this was happening, the hacker group attempted to auction off the software, but did not succeed in finding a buyer. EternalBlue was then released publicly on April 14, 2017.

On May 12, 2017, a computer worm in the form of ransomware, nicknamed WannaCry, used the EternalBlue exploit to attack Windows computers that had not received the system updates fixing the vulnerability. On June 27, 2017, the exploit was used again to help carry out the 2017 NotPetya cyberattack on further unpatched computers.

The exploit was also reported to have been used since March 2016 by the Chinese hacking group Buckeye (APT3), which likely found and repurposed the software, and to have been used as part of the Retefe banking trojan since at least September 5, 2017.

EternalBlue exploits a vulnerability in Microsoft's implementation of the Server Message Block (SMB) protocol. The vulnerability is tracked as CVE-2017-0144 in the Common Vulnerabilities and Exposures (CVE) catalog. It exists because the SMB version 1 (SMBv1) server in various versions of Microsoft Windows mishandles specially crafted packets from remote attackers, allowing them to execute code remotely on the target computer without authentication.

The NSA did not alert Microsoft about the vulnerability, and held on to it for more than five years before the breach forced its hand. The agency then warned Microsoft after learning of EternalBlue's possible theft, allowing the company to prepare a software patch issued in March 2017, after delaying its regular release of security patches in February 2017. On Tuesday, March 14, 2017, Microsoft issued security bulletin MS17-010, which detailed the flaw and announced that patches had been released for all Windows versions supported at the time: Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016.
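As an added example (not code from this article, from the NSA tooling, or from any scanner the article names), the following Python shows what a practitioner checks first for the exposure described above: it builds the SMBv1 NEGOTIATE request as laid out in MS-CIFS, determines whether a server on TCP 445 still accepts an SMBv1 dialect, and classifies the reply to the PeekNamedPipe transaction probe that public MS17-010 scanners use to separate patched from unpatched hosts. The constructed server reply, the host name, and the patched/unpatched status-code mapping are assumptions and are labeled as such in the code.

```python
import socket
import struct

# Added example. Header and NEGOTIATE layouts follow MS-CIFS; the mapping of
# NTSTATUS codes to "patched"/"unpatched" is an assumption taken from public
# MS17-010 scanners, not from this article.
SMB_COM_NEGOTIATE = 0x72
SMB_COM_TRANSACTION = 0x25
SMB_HEADER_LEN = 32
# magic, command, status, flags, flags2, PIDHigh, security features, reserved, TID, PIDLow, UID, MID
HEADER_FMT = "<4sBIBHH8sHHHHH"

STATUS_SUCCESS = 0x00000000
STATUS_INSUFF_SERVER_RESOURCES = 0xC0000205
STATUS_INVALID_HANDLE = 0xC0000008
STATUS_ACCESS_DENIED = 0xC0000022

DIALECTS = (b"LANMAN1.0", b"LM1.2X002", b"NT LM 0.12")


def smb1_header(command, status=STATUS_SUCCESS, flags=0x18, flags2=0xC853,
                tid=0, pid=0xFEFF, uid=0, mid=0):
    """Pack the 32-byte SMBv1 header (multi-byte fields little-endian)."""
    return struct.pack(HEADER_FMT, b"\xffSMB", command, status, flags, flags2,
                       0, b"\x00" * 8, 0, tid, pid, uid, mid)


def parse_smb1_header(msg):
    """Unpack an SMBv1 header from a message whose NetBIOS header is already removed."""
    if len(msg) < SMB_HEADER_LEN or msg[:4] != b"\xffSMB":
        raise ValueError("not an SMBv1 message")
    f = struct.unpack(HEADER_FMT, msg[:SMB_HEADER_LEN])
    return {"command": f[1], "status": f[2], "flags": f[3], "flags2": f[4],
            "tid": f[8], "uid": f[10], "mid": f[11]}


def with_netbios(msg):
    """Prefix the NetBIOS session-service header: type 0x00 plus 24-bit big-endian length."""
    return struct.pack(">I", len(msg)) + msg


def strip_netbios(packet):
    if len(packet) < 4 or packet[0] != 0x00:
        raise ValueError("not a NetBIOS session message")
    length = int.from_bytes(packet[1:4], "big")
    if len(packet) < 4 + length:
        raise ValueError("truncated NetBIOS message")
    return packet[4:4 + length]


def build_negotiate_request(dialects=DIALECTS):
    """SMB_COM_NEGOTIATE: WordCount=0, ByteCount, then 0x02-prefixed NUL-terminated dialects."""
    body = b"".join(b"\x02" + d + b"\x00" for d in dialects)
    return with_netbios(smb1_header(SMB_COM_NEGOTIATE) + struct.pack("<BH", 0, len(body)) + body)


def negotiated_dialect(msg, dialects=DIALECTS):
    """Dialect the server picked from our list, or None if it refused them all."""
    if msg[:4] == b"\xfeSMB":            # server answered in SMB2: no SMBv1 dialect accepted
        return None
    hdr = parse_smb1_header(msg)
    if hdr["command"] != SMB_COM_NEGOTIATE or hdr["status"] != STATUS_SUCCESS:
        return None
    if msg[SMB_HEADER_LEN] == 0:         # WordCount 0: no parameter block at all
        return None
    (index,) = struct.unpack_from("<H", msg, SMB_HEADER_LEN + 1)  # DialectIndex
    if index == 0xFFFF or index >= len(dialects):
        return None
    return dialects[index]


def classify_ms17_010_probe(msg):
    """Classify the reply to the PeekNamedPipe SMB_COM_TRANSACTION probe (assumed mapping)."""
    hdr = parse_smb1_header(msg)
    if hdr["command"] != SMB_COM_TRANSACTION:
        return "unexpected"
    if hdr["status"] == STATUS_INSUFF_SERVER_RESOURCES:
        return "likely unpatched"
    if hdr["status"] in (STATUS_INVALID_HANDLE, STATUS_ACCESS_DENIED):
        return "patched or probe blocked"
    return "unknown"


def constructed_negotiate_response(dialect_index):
    """Constructed NT LM 0.12-style server reply for offline testing (not a real capture)."""
    params = struct.pack("<HBHHIIIIqhB", dialect_index, 3, 50, 1, 16644, 65536,
                         0, 0x8000E3FD, 0, 0, 8)             # 17 parameter words
    body = struct.pack("<H", 8) + b"\x00" * 8                # ByteCount + 8-byte challenge
    return smb1_header(SMB_COM_NEGOTIATE, flags=0x98) + bytes([17]) + params + body


def probe_smb1_dialect(host, port=445, timeout=5.0):
    """Live check: does the host still accept an SMBv1 dialect on TCP 445?"""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_negotiate_request())
            reply = s.recv(4096)
        return negotiated_dialect(strip_netbios(reply))
    except (OSError, ValueError):        # reset, timeout, or a non-SMB reply
        return None


if __name__ == "__main__":
    import sys
    print(probe_smb1_dialect(sys.argv[1]))  # host name is supplied by the operator
```

A server that answers with NT LM 0.12 still exposes the SMBv1 code path EternalBlue targets; that proves exposure, not exploitability. The transaction probe needs an anonymous session setup and a tree connect to IPC$ before it can be sent, which this example leaves to a full scanner, and a host that has simply disabled SMBv1 will reset the connection or answer in SMB2, which `negotiated_dialect` reports as no dialect accepted. Applying MS17-010 and disabling SMBv1 where nothing depends on it removes both conditions.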

The Shadow Brokers publicly released the EternalBlue exploit code on April 14, 2017, along with several other hacking tools from the NSA.

Many Windows users had not installed the Microsoft patches when, on May 12, 2017, the WannaCry ransomware attack started using the EternalBlue vulnerability to spread itself. The next day (May 13, 2017), Microsoft released emergency security patches for the then-unsupported Windows XP, Windows 8, and Windows Server 2003.

In February 2018, EternalBlue was ported to all Windows operating systems since Windows 2000 by RiskSense security researcher Sean Dillon. EternalChampion and EternalRomance, two other exploits originally developed by the NSA and leaked by the Shadow Brokers, were ported at the same time. They were made available as open-source Metasploit modules.
