'Shadow Brokers' dump of NSA tools includes new Windows exploits

Earlier this year “The Shadow Brokers” — an entity claiming to have stolen hacking tools from the NSA then offering them for sale — seemed to pack up shop, but the group has continued on. Today, it made a new post that contained a number of working exploits for Windows machines running everything from XP up to at least Windows 8. As far as Windows 10, it appears that the stolen data is from 2013 and predates the latest OS. As such, it isn’t immediately apparent if it’s vulnerable, but early results indicate at least some of the tools aren’t working on it.

Releasing this information ahead of a holiday weekend may make it harder for Microsoft and IT workers to respond, as anyone with bad intentions now has access to a number of previously unknown exploits. As security researchers like Matthew Hickey (aka @hackerfantastic) scan through tools with names like ETERNALBLUE (a remote exploit for XP and above) and FUZZBUNCH (a framework that helps control use of the other attacks), Marcy Wheeler notes that the NSA has known these tools were out there since January, when The Shadow Brokers listed them for sale.

For now, the response from a Microsoft spokesperson is that “We are reviewing the report and will take the necessary actions to protect our customers.”

So what is there to do if you’re not a network admin and just use a Windows computer, whether at work or at home? In a quote to Motherboard, one hacker said to have formerly worked for the Department of Defense says plainly that “It’s not safe to run an internet-facing Windows box right now.”

Of course, your PC is — or should be — behind a router/firewall. I spoke to Travis Smith, a Senior Security Research Engineer at Tripwire, and he explained that for the tools released, they largely rely on local network protocols that attackers use to move from one compromised PC to others across a network. As he put it “even if you aren’t running the latest greatest operating system and you don’t have antivirus, if your Windows laptop isn’t plugged directly into the internet, then your risk profile greatly diminishes.” If you do have an antivirus, like Microsoft’s Windows Defender, or products from McAfee, Kaspersky and the like, they should update quickly to recognize these executables now that they’re known.

Contacted via email, Matthew Hickey expressed a similar outlook, saying that “most home users will not be directly impacted by these vulnerabilities as an attacker needs to connect to services on their computer. The risk is much bigger to enterprise and businesses who rely on these services to connect online.”

No matter what software you’re running though, making sure you’re up to date with the latest patches will be one of the best things you can do to defend yourself. Also, as Travis explains, it’s possible the code could eventually be modified to attack newer systems including Windows 10 and Windows Server 2016, but that will likely take more than a couple of days. Even if remote exploits or a worm don’t arise from the use of these tools, now that they’re out in the wild they could still be delivered by the web, email or even a USB stick. Matthew closed out his email by noting that “Microsoft will need to release fixes for several of the ETERNAL exploits and customers should ensure they apply them as soon as available.”

Source: The Shadow Brokers

Source: Engadget - Read the full article here

Author: Daily Tech Whip

This article is part of our 'News Tiles' service. The site is currently in Beta. When it is fully operational you will be able to search through and arrange the 'Tiles' to display a keyword, product or technology over your chosen time period. For example you would be able to display all of the leading tech articles on the new Kindle Fire, in one spot in real time. You will also have access to our own original reporting and analysis as well as a polished place to post your own thoughts & reviews here, amongst the Daily Tech Whip Community. Please let us know if you have any feedback via the contact form or via Twitter. Don't forget to come back next week and see our full site and claim your name and your own free tech blog.

Share This Post On