Shadow Brokers malware – update your Windows PCs and servers

April 18th, 2017 by Stephen Jones

Last Friday, hacker group Shadow Brokers released 300 MB of alleged exploits and surveillance tools targeting Windows PCs and servers. There was also evidence of hacks on the SWIFT banking system.

Microsoft, in a blog post published late Friday night by Philip Misner, principal security group manager at the Microsoft Security Response Center (MSRC), said that most of these vulnerabilities were patched by previous updates.
“We work to swiftly validate the claim and make sure legitimate, unresolved vulnerabilities that put customers at risk are fixed,” Misner wrote. “Once validated, engineering teams prioritize fixing the reported issue as soon as possible, taking into consideration the time to fix it across any impacted product or service, as well as versions, the potential threat to customers, and the likelihood of exploitation.”

In the case of the Shadow Brokers leak, “most of the exploits that were disclosed fall into vulnerabilities that are already patched in our supported products,” Misner wrote.

The following exploits were already addressed, via the updates listed in parentheses:
• EternalBlue (MS17-010)
• EmeraldThread (MS10-06)
• EternalChampion (CVE-2017-0146 and CVE-2017-0147)
• ErraticGopher (Addressed prior to the release of Windows Vista)
• EskimoRoll (MS14-068)
• EternalRomance (MS17-010)
• EducatedScholar (MS09-050)
• EternalSynergy (MS17-010)
• EclipsedWing (MS08-067)

The three remaining exploits—EnglishmanDentist, EsteemAudit, and ExplodingCan—cannot be reproduced on supported Microsoft platforms, Misner wrote. That means that users running Windows 7 and later versions, as well as those using Exchange 2010 and later versions, are not at risk. However, users who are still running older versions of those products should upgrade immediately, the post said.

Security researchers have been speculating about why Microsoft mitigated these specific attacks a full month before they were published online. One theory is that an NSA source warned Microsoft about the impending leaks. Another sign that Microsoft may have gained prior knowledge of the exploits was its unprecedented delay in releasing its monthly updates in February, for which it did not give a reason, ZDNet reported.

For enterprise Microsoft users, the key takeaway is to always ensure your machines and software are up to date. It’s also important to stay informed on these types of breaches, especially when your business is one that deals with sensitive data.
