So it has come to light that many of the exploits released, have been ported to all Windows versions.
A security researcher has ported three leaked NSA exploits to work on all Windows versions released in the past 18 years, starting with Windows 2000.
The three exploits are EternalChampion, EternalRomance, and EternalSynergy; all three leaked last April by a hacking group known as The Shadow Brokers who claimed to have stolen the code from the NSA.
The above sourced from this article
The implications of this are quite astounding. It seems that most systems are going to need some major attention in order to be secure. WannaCry is a household name by now, imagine people being able to implement worse things than this, such as the ability to write and run system level code! All of this is pretty alarming. There may be some patches released soon, but no word of this yet.
A small snippet of what these exploits can do
A full list of all affected systems
Windows 2000 SP0 x86
Windows 2000 Professional SP4 x86
Windows 2000 Advanced Server SP4 x86
Windows XP SP0 x86
Windows XP SP1 x86
Windows XP SP2 x86
Windows XP SP3 x86
Windows XP SP2 x64
Windows Server 2003 SP0 x86
Windows Server 2003 SP1 x86
Windows Server 2003 Enterprise SP 2 x86
Windows Server 2003 SP1 x64
Windows Server 2003 R2 SP1 x86
Windows Server 2003 R2 SP2 x86
Windows Vista Home Premium x86
Windows Vista x64
Windows Server 2008 SP1 x86
Windows Server 2008 x64
Windows 7 x86
Windows 7 Ultimate SP1 x86
Windows 7 Enterprise SP1 x86
Windows 7 SP0 x64
Windows 7 SP1 x64
Windows Server 2008 R2 x64
Windows Server 2008 R2 SP1 x64
Windows 8 x86
Windows 8 x64
Windows Server 2012 x64
Windows 8.1 Enterprise Evaluation 9600 x86
Windows 8.1 SP1 x86
Windows 8.1 x64
Windows 8.1 SP1 x64
Windows Server 2012 R2 x86
Windows Server 2012 R2 Standard 9600 x64
Windows Server 2012 R2 SP1 x64
Windows 10 Enterprise 10.10240 x86
Windows 10 Enterprise 10.10240 x64
Windows 10 10.10586 x86
Windows 10 10.10586 x64
Windows Server 2016 10.10586 x64
Windows 10 10.0.14393 x86
Windows 10 Enterprise Evaluation 10.14393 x64
Windows Server 2016 Data Center 10.14393 x64
Nothing new. NSA exploits ported in the past.
Part of Dillon's code uses a previous port of the EternalSynergy exploit created by security researcher Worawit Wang. Bleeping Computer previously covered in an article how Wang ported EternalSynergy to work on newer Windows versions.
In June 2017, Dillon also ported the EternalBlue exploit to work on Windows 10. Dillon also discovered the SMBLoris vulnerability.
Besides EternalBlue, the NotPetya and Bad Rabbit ransomware outbreaks also utilized the EternalRomand exploit that Dillon has recently ported to target a more broader spectrum of Windows versions.
Dillon also included the following disclaimed with his ports, wanting people to know the code was created to help companies identify vulnerable machines through pen-testing and develop mitigation
Also sourced from the article.
So while this isn't something new, this is something to be very, very cognizant of.
Stay safe out there!
-rngdz
Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://www.bleepingcomputer.com/news/security/nsa-exploits-ported-to-work-on-all-windows-versions-released-since-windows-2000/
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit