With the recent spread of the #WannaCry (Update 6/27/17: and #Petya) ransomware over the past week, the IT community has been in a frenzy to patch vulnerable systems that are missing the MS17-010 patch that Microsoft released back in March 2017. If you need to scan your network for possible vulnerable systems, you can use a tool called NMap (or. Microsoft Security Bulletin MS17-010 - Critical.; 12 minutes to read Contributors. In this article. As well as download data via a restful API.
The latest dump of hacking tools allegedly belonged to the NSA is believed to be the most damaging release by the Shadow Brokers till the date.
But after analyzing the disclosed exploits, Microsoft security team says most of the windows vulnerabilities exploited by these hacking tools, including EternalBlue, EternalChampion, EternalSynergy, EternalRomance and others, are already patched in the last month's Patch Tuesday update. 'Most of the exploits that were disclosed fall into vulnerabilities that are already patched in our supported products. Customers still running prior versions of these products are encouraged to upgrade to a supported offering,' Microsoft Security Team said in a blog post published today.On Good Friday, the Shadow Brokers released a massive trove of Windows hacking tools allegedly stolen from NSA that works against almost all versions of Windows, from Windows 2000 and XP to Windows 7 and 8, and their server-side variants such as Server 2000, 2003, 2008, 2008 R2 and 2012, except Windows 10 and Windows Server 2016. The hacking exploits could give nearly anyone with technical knowledge the ability to break into millions of Windows computers and servers all over the Internet, but those which are not up-to-date. 'Of the three remaining exploits, “EnglishmanDentist”, “EsteemAudit”, and “ExplodingCan”, none reproduces on supported platforms, which means that customers running Windows 7 and more recent versions of Windows or Exchange 2010 and newer versions of Exchange are not at risk.' Microsoft says. The data dump also includes some top-secret presentations and excel sheets, indicating that the leaked exploits may have been used to hack the SWIFT banking system of several banks across the world.
Even though NSA exploits are patched, the Shadow Brokers leak is still big, which provides info on NSA targeting SWIFT Networks Hacking tool, called Eternalromance, contains an easy-to-use interface and exploits Windows systems over TCP ports 445 and 139. The most noteworthy exploit in the Friday's dump is Eternalblue — an SMBv1 (Server Message Block 1.0) exploit that could cause older versions of Windows to execute code remotely. Matthew Hickey, a security expert and co-founder of Hacker House, also published a video demonstration, using this exploit against a computer running Windows Server 2008 R2 SP1 and pulling off the hack in less than 2 minutes with another alleged zero-day FuzzBunch, which is being used to compromise a virtual machine running Windows Server 2008. ![]() But if the company already patched this flaw last month, then how could this exploit works against an updated machine? It seems like the researcher tried this exploit against a Windows PC without installing the latest updates. 'The patches were released in last month's update, I tested on a fully patched Windows 2008 R2 SP1 (x64), so many hosts will be vulnerable - if you apply MS17-010 it should protect hosts against the attacks,' Matthew clarifies during a conversation with The Hacker News. No Acknowledgement for SMB RCE Issue by MicrosoftThere's also news floating around the Internet that the 'NSA has had, at a minimum, 96 days of warning,' knowing that the Shadow Brokers could drop the files at any time, but the agency did not report the flaws to Microsoft. The Intercept also reported that Microsoft told it that the company had not been contacted by any 'individual or organization,' in relation to the hacking tools and exploits released by the Shadow Brokers. The vulnerabilities have already been patched by Microsoft, which acknowledges all security researchers for reporting the issues in its products, but, interesting, there are no acknowledgments for MS17-010 which patched most of the critical flaws from the Shadow Brokers dump.
It’s noteworthy, there’s no acknowledgement for recently patched MS17-10 SMB flaw on Microsoft (used in Eternalblue)
Wanna Cry Virus DownloadThis indicates that someone from the agency or linked with defense contractor might have warned the company of the SMB RCE issue. So, only those who are still using Windows XP, which Microsoft doesn't support for very long, are at risk of getting their machines hacked. And there is no need to panic if you use updated Windows 7, 8 or 10 (or even Windows Vista, whose support ended just last week and the issue was patched last month). The simple advice for you is to always keep your Windows machines and servers up-to-date in order to prevent yourself from being hacked.
Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
Following the massive Wana Decrypt0r ransomware outbreak from yesterday afternoon, Microsoft has released an out-of-bound patch for older operating systems to protect them against Wana Decrypt0r's self-spreading mechanism.
The operating systems are Windows XP, Windows 8, and Windows Server 2003. These are old operating systems that Microsoft stopped supporting years before and did not receive a fix for the SMBv1 exploit that the Wana Decrypt0r ransomware used yesterday as a self-spreading mechanism.
That mechanism is a modified version of the ETERNALBLUE exploit, an alleged NSA hacking tool leaked last month by a group known as The Shadow Brokers.
Original MS17-010 patch didn't include XP/Win8 fixes
Microsoft had released a fix for that exploit a month before, in March, in security bulletin MS17-010. That security bulletin only included fixes for Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2012, and Windows Server 2016.
As the SMBv1 is a protocol that comes built-in with all Windows versions, the computers which did not receive MS17-010 remained vulnerable to exploitation via Wana Decrypt0r's self-spreading package.
'Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download,' Microsoft said in a statement. 'This decision was made based on an assessment of this situation, with the principle of protecting our customer ecosystem overall, firmly in mind.'
Researchers believe that Wana Decrypt0r — also referenced online as WCry, WannaCry, WannaCrypt, and WanaCrypt0r — infected over 141,000 computers.
While unconfirmed, many believe older Windows XP and Windows Server versions were the bulk of the infections pool, as they had no way to protect themselves.
Patch systems and disable SMBv1 where possible
Besides installing these out-of-band updates — available for download from here — Microsoft also advises companies and users to disable the SMBv1 protocol, as it's an old and outdated protocol, already superseded by newer versions, such as SMBv2 and SMBv3.
The current Wana Decrypt0r outbreak has been stopped last night after a security researcher found a kill switch. This is only temporary, as the attackers could release a new version of this threat. This is why patching the SMBv1 exploit is a better solution.
Ms17 10 Patch
For those affected, you can discuss this ransomware and receive support in the dedicated WanaCrypt0r & Wana Decrypt0r Help & Support Topic. Bleeping Computer also published a technical analysis of the Wana Decrypt0r ransomware.
![]() Ms17-010 Windows 10 Patch DownloadRelated Articles:Comments are closed.
|
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |