Shadow Brokers and what the leaks mean to Windows users
Posted on April 15th, 2017 at 06:53
Comment on the AskWoody Lounge
I’m a little late to the party on this one.
As many/most/all of you know, on Friday a group called Shadow Brokers published an enormously damaging trove of code, apparently from the NSA, with all sorts of exploits and hacking tools. Most (if not all) versions of Windows are in the crosshairs.
Our tax dollars at work.
To catch up, there’s a series of articles every Windows user should read.
Dan Goodin, Ars Technica: NSA-leaking Shadow Brokers just dumped its most damaging release yet
Andy Greenberg, Wired: Major leak suggests NSA was deep in Middle East banking system
Phillip Misner, Microsoft Security Response Center: Protecting customers and evaluating risk
Microsoft’s analysis (which is undoubtedly accurate, but will be debated endlessly):
Most of the exploits that were disclosed fall into vulnerabilities that are already patched in our supported products. Below is a list of exploits that are confirmed as already addressed by an update. We encourage customers to ensure their computers are up-to-date.
Code Name: Solution
“EternalBlue”: Addressed by MS17-010
“EmeraldThread”: Addressed by MS10-061
“EternalChampion”: Addressed by CVE-2017-0146 & CVE-2017-0147
“ErraticGopher”: Addressed prior to the release of Windows Vista
“EsikmoRoll”: Addressed by MS14-068
“EternalRomance”: Addressed by MS17-010
“EducatedScholar”: Addressed by MS09-050
“EternalSynergy”: Addressed by MS17-010
“EclipsedWing”: Addressed by MS08-067
Of the three remaining exploits, “EnglishmanDentist”, “EsteemAudit”, and “ExplodingCan”, none reproduces on supported platforms, which means that customers running Windows 7 and more recent versions of Windows or Exchange 2010 and newer versions of Exchange are not at risk. Customers still running prior versions of these products are encouraged to upgrade to a supported offering.
MS17-010, which figures prominently in that table, is the one that fixed the SMBv1 hole in all versions of Windows. This month’s patches don’t figure in any of the discussions. We’re still at MS-DEFCON 1.
I haven’t seen any evidence that the disclosure is being used by Microsoft to convince folks to move to Windows 10. (I do note, with some nostalgia, that the demise of the Security Bulletin system will make such analysis and communication much more cumbersome in the future.)
So… the sky isn’t falling. But there are some very gray clouds out there, and a whole bunch of cretins jumping around trying to incorporate the Shadow Brokers code into their products. Those of you who patched through last month’s Patch Tuesday crop are OK, according to Microsoft – and they should know. Windows XP and Vista remain debatable. Those of you in Group W — who aren’t patching at all — should take note.
Last night, MrBrian started a Lounge thread on the topic. I’ve moved it to the location referenced above. Thanks, MrBrian.