NSA '0-Days' Leaked

Forums › Microsoft Windows › NSA '0-Days' Leaked

Andib

1396 posts

Uber Geek
+1 received by user: 974

ID Verified

Trusted

#213855 15-Apr-2017 17:08

It looks like the not so secret 'secret' that the NSA was holding back unreleased 0-Day exploits has been proven true.

A stack of alleged NSA exploits for all Windows OS's older than 8.1 & Server 2012 R2 have been released into the wild.

More info: https://arstechnica.com/security/2017/04/nsa-leaking-shadow-brokers-just-dumped-its-most-damaging-release-yet/

List of exploits:

ETERNALROMANCE — Remote privilege escalation (SYSTEM) exploit (Windows XP to Windows 2008 over TCP port 445)

ENTERNALCHAMPION, ETERNALSYSTEM — Remote exploit up to Windows 8 and 2012

ETERNALBLUE — Remote Exploit via SMB & NBT (Windows XP to Windows 2012)

EXPLODINGCAN — Remote IIS 6.0 exploit for Windows 2003

EWORKFRENZY — Lotus Domino 6.5.4 and 7.0.2 exploit

ETERNALSYNERGY — Windows 8 and Windows Server 2012

FUZZBUNCH — Exploit Framework (Similar to Metasploit) for the exploits.

It will be interesting to see how quickly Microsoft respond considering we're only 3 days into this patch month.

Edit: update from Microsoft is that you're not at risk if fully patched. https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/

<#
.DISCLAIMER
Anything I post is my own and not the views of my past/present/future employer.
#>

gzt

18682 posts

Uber Geek
+1 received by user: 7824

Lifetime subscriber

#1764771 15-Apr-2017 17:41

svr2012 Microsoft will care about. svr2008 is near end of support life.

nathan

5695 posts

Uber Geek
+1 received by user: 1630
Inactive user

#1764843 16-Apr-2017 07:00

Most of the exploits that were disclosed fall into vulnerabilities that are already patched in our supported products.

https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/

toyonut

1508 posts

Uber Geek
+1 received by user: 211

#1766516 18-Apr-2017 08:59

https://threatpost.com/shadowbrokers-windows-zero-days-already-patched/125009/

I think MS response to this has been great, from reveal on Friday to notice of fixes and patches yesterday and through the weekend. Lots of staff put in some long hours over Easter to sort this.

Also, just to re-iterate Jeffery Snover, Ned Pyle and others have been saying for months - if you are still using smb1, disable it and get rid of it. There is no good reason to be using it.

https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/

Try Vultr using this link and get us both some credit:

http://www.vultr.com/?ref=7033587-3B

Dairyxox

1595 posts

Uber Geek
+1 received by user: 455

#1766831 18-Apr-2017 15:59

I'm really annoyed Windows 8 support got dropped like a hot rock.

I've got a machine I purchased windows 8 for, I like it (8), its suitable for what its used for, and its incompatible with Windows 8.1 (crashes after install every time).

Now its a huge target for these kinds of hacks, even Windows 7 is more secure.

Hugely disappointed in Microsoft, support your products dammit.

Andib

1396 posts

Uber Geek
+1 received by user: 974

ID Verified

Trusted

#1766881 18-Apr-2017 16:53

Dairyxox:

I'm really annoyed Windows 8 support got dropped like a hot rock.

I've got a machine I purchased windows 8 for, I like it (8), its suitable for what its used for, and its incompatible with Windows 8.1 (crashes after install every time).

Now its a huge target for these kinds of hacks, even Windows 7 is more secure.

Hugely disappointed in Microsoft, support your products dammit.

This is off topic, But 8.1 is essentially just a service pack to 8, They dropped support for Win 7 pretty quickly after SP1 was released. I'd personally look at moving it to Win 10.

<#
.DISCLAIMER
Anything I post is my own and not the views of my past/present/future employer.
#>

nathan

5695 posts

Uber Geek
+1 received by user: 1630
Inactive user

#1766963 18-Apr-2017 19:36

Dairyxox:
I'm really annoyed Windows 8 support got dropped like a hot rock.

I've got a machine I purchased windows 8 for, I like it (8), its suitable for what its used for, and its incompatible with Windows 8.1 (crashes after install every time).

Now its a huge target for these kinds of hacks, even Windows 7 is more secure.

Hugely disappointed in Microsoft, support your products dammit.

Was support not able to help you get it upgraded or figure out why it crashes on upgrade?

Mighty Ape

Shop now at Mighty Ape (affiliate link).

Dairyxox

1595 posts

Uber Geek
+1 received by user: 455

#1767012 18-Apr-2017 21:40

No. It was a frustrating experience, and felt like Microsoft tried to pass the blame onto the motherboard manufacturer.

I've tried clean installs, in-place upgrades, media creation tools, resetting bios defaults, stripping back the build (back to onboard graphics), memtests etc. It was a waste of days of effort.

Personally I suspect an intel chipset issue. But 8.0 works fine. Patch the OS I paid for please.

TBH (getting off topic now) this is the straw thats broken my patience, as 8.0 has been dropped from '3rd party' support way too early as well - for reasons I don't understand.

yitz

2239 posts

Uber Geek
+1 received by user: 594

#1767017 18-Apr-2017 22:09

Andib:
But 8.1 is essentially just a service pack to 8,

Not really there were some pretty big driver changes from Windows 8 to 8.1.

I think display, networking drivers were some.