Saturday, April 15, 2017

'Shadow Brokers' dump of NSA tools includes new Windows exploits (updated)


Releasing this information ahead of a holiday weekend may make it harder for Microsoft and IT staff to respond, since anyone with bad intentions now has access to a number of previously unknown exploits. As security researchers like Matthew Hickey (aka @hackerfantastic) work through tools with names like ETERNALBLUE (a remote exploit against the SMB file-sharing service on Windows XP and later) and FUZZBUNCH (a framework that drives the other attacks), Marcy Wheeler notes that the NSA has known these tools were out there since January, when The Shadow Brokers listed them for sale.

For now, the response from a Microsoft spokesperson is that “We are reviewing the report and will take the necessary actions to protect our customers.”

So what is there to do if you’re not a network admin and just use a Windows computer, whether at work or at home? In a quote to Motherboard, one hacker said to have formerly worked for the Department of Defense says plainly that “It’s not safe to run an internet-facing Windows box right now.”

Of course, your PC is, or should be, behind a router/firewall. I spoke to Travis Smith, a Senior Security Research Engineer at Tripwire, and he explained that the released tools largely rely on local network protocols, the same ones attackers use to move from one compromised PC to others across a network. As he put it, “even if you aren’t running the latest greatest operating system and you don’t have antivirus, if your Windows laptop isn’t plugged directly into the internet, then your risk profile greatly diminishes.” If you do run antivirus, whether Microsoft’s Windows Defender or products from McAfee, Kaspersky and the like, vendors should push signatures for these executables quickly now that they are public. Keep in mind, though, that recognizing the attacker-side tool binaries does nothing to stop exploit traffic reaching a service that is exposed to the network, which is why the firewall matters more than the scanner here.

Contacted via email, Matthew Hickey expressed a similar outlook, saying that “most home users will not be directly impacted by these vulnerabilities as an attacker needs to connect to services on their computer. The risk is much bigger to enterprise and businesses who rely on these services to connect online.”

No matter what software you’re running, keeping up to date with the latest patches is one of the best things you can do to defend yourself. Also, as Travis explains, it’s possible the code could eventually be modified to attack newer systems, including Windows 10 and Windows Server 2016, but that will likely take more than a couple of days. Even if neither remote exploits nor a worm emerge from these tools, now that they are in the wild they could still be delivered by the web, email or even a USB stick. Matthew closed out his email by noting that “Microsoft will need to release fixes for several of the ETERNAL exploits and customers should ensure they apply them as soon as available.”
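The advice above boils down to two checks a practitioner can run on any Windows host: is the vulnerable file-sharing service reachable from untrusted networks, and how stale is the patch level? The script below is an added example, not code from the article or from any of the people quoted in it. It assumes an elevated PowerShell 5.x session on Windows 8.1/10 or Server 2012 R2 and later (where the NetSecurity and SmbShare modules ship), and it focuses on SMB because ETERNALBLUE targets that service; the 139/445 port numbers are the standard SMB ports.

```powershell
# Added example: single-host exposure audit for the Shadow Brokers SMB tooling.
# Assumes an elevated PowerShell 5.x session on Windows 8.1/10 or Server 2012 R2+.

# 1. Which firewall profile is each interface on? "Public" is the untrusted
#    profile; an SMB-allowing rule scoped to Public is the dangerous case.
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory

# 2. Is the legacy SMBv1 dialect still enabled on the server side?
$smb = Get-SmbServerConfiguration
if ($smb.EnableSMB1Protocol) {
    Write-Warning "SMBv1 is enabled; disable it unless a legacy client still needs it."
    # Remediation (commented out so the audit stays read-only):
    # Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
} else {
    Write-Host "SMBv1 is disabled."
}

# 3. Is anything listening on the SMB ports, and which inbound rules allow them?
Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalPort -in 139, 445 } |
    Select-Object LocalAddress, LocalPort, OwningProcess

$smbRules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains '445' }
foreach ($rule in $smbRules) {
    # Profile is a flags value such as "Private, Public" or "Any".
    if ("$($rule.Profile)" -match 'Public|Any') {
        Write-Warning "Rule '$($rule.DisplayName)' allows inbound TCP 445 on profile $($rule.Profile)."
    }
}

# 4. How stale is the patch level? Newest installed updates first.
Get-HotFix | Sort-Object InstalledOn -Descending |
    Select-Object -First 5 HotFixID, Description, InstalledOn
```

Run it from an elevated prompt on the box you care about. A warning from step 3 means Windows itself will accept SMB connections from whatever network it considers public, so the only thing between the exploit and the service is the upstream router; a home router that does not forward TCP 445 is what Travis Smith's "not plugged directly into the internet" condition amounts to. To confirm from the outside, `Test-NetConnection -ComputerName <host> -Port 445` from another machine on the untrusted side should report `TcpTestSucceeded : False`.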




Copyright © Tech Visions