From Kaspersky Lab’s threatpost.com
NSA’s EternalBlue Exploit Ported to Windows 10
by Michael Mimoso | June 6, 2017
The NSA’s EternalBlue exploit has been ported to Windows 10 by white hats, meaning that every unpatched version of the Microsoft operating system back to Windows XP—and likely earlier—can be affected by one of the most powerful attacks ever made public.
Researchers at RiskSense, among the first to analyze EternalBlue, its DoublePulsar backdoor payload, and the NSA’s Fuzzbunch platform (think: Metasploit), said they would not release the source code for the Windows 10 port for some time, if ever. The proof of concept has been in the works since the ShadowBrokers’ April leak of Equation Group offensive hacking tools targeting Windows XP and Windows 7, as well as the development of a Metasploit module based on EternalBlue released two days after the WannaCry attacks. The best defense against EternalBlue, researchers maintain, is to apply the MS17-010 update provided in March by Microsoft.
The researchers did today publish a report (PDF download) explaining what was necessary to bring the NSA exploit to Windows 10 and examining the mitigations implemented by Microsoft that can keep these attacks in check moving forward.
Read the full article here
