It seems like every week, there’s news of another group leaking so-called government hacking tools to the public. There’s the massive WikiLeaks reveal of CIA hacks and their use by hacking groups. And the hits just keep on coming.
A group known as the “Shadow Brokers” has leaked alleged NSA tools used to attack and break into Windows computers. While the previously unknown tools are said to be extremely potent against earlier Windows versions, experts are saying even Windows 10 is vulnerable, as well.
The leaked tools include malware with codenames like “EternalBlue,” “Oddjob,” “Esteemaudit,” “ZippyBeer” and “Fuzzbunch.” Most of these are capable of infiltrating and taking control of any pre-Windows 10 computer. If you think these old computers should be dwindling by now, well, think again — market research shows older versions of Windows were used by more than 65% of desktop users surfing the web last month.
Most of the exploits are said to use zero-day vulnerabilities: previously unknown software flaws that hackers are already exploiting before the software makers are made aware of them.
Security expert Matthew Hickey, co-founder and director of cybersecurity firm Hacker House, is particularly troubled by the leaks and their scope. “In about an hour or so, any attacker can download a simple toolkit to hack into Microsoft-based computers around the globe,” he stated.
Microsoft’s response
On April 14, Microsoft published a blog post stating that after analysis of the leaked tools dumped by the Shadow Brokers, it found most of the exploits were already patched by security updates issued earlier. To protect against these hacks, Microsoft encourages customers to keep their computers up to date with the latest security patches.
Microsoft’s list of patches and the corresponding tool is as follows:
| Code Name | Solution |
| --- | --- |
| “EternalBlue” | Addressed by MS17-010 |
| “EmeraldThread” | Addressed by MS10-061 |
| “EternalChampion” | Addressed by CVE-2017-0146 & CVE-2017-0147 |
| “ErraticGopher” | Addressed prior to the release of Windows Vista |
| “EsikmoRoll” | Addressed by MS14-068 |
| “EternalRomance” | Addressed by MS17-010 |
| “EducatedScholar” | Addressed by MS09-050 |
| “EternalSynergy” | Addressed by MS17-010 |
| “EclipsedWing” | Addressed by MS08-067 |
Additionally, Microsoft said the remaining exploits — “EnglishmanDentist,” “EsteemAudit” and “ExplodingCan” — cannot be reproduced on supported versions of Windows (Windows 7 and later), and customers are advised to upgrade to a supported platform as soon as possible. Note: Support for Windows Vista ended recently.
Read Microsoft’s official blog post addressing the Shadow Brokers leaks here.