Lately, it seems like every week, there’s news of another group leaking so-called government hacking tools to the public. There’s the massive Wikileaks reveal of CIA hacks and their use by hacking groups. And the hits just keep on coming.
A group known as the Shadow Brokers has leaked alleged NSA tools used to attack and break into Windows computers. While the previously unknown tools are said to be extremely potent against earlier Windows versions, experts are saying that even Windows 10 is vulnerable.
The leaked tools include malware with codenames like EternalBlue, Oddjob, Esteemaudit, ZippyBeer, and Fuzzbunch. Most of these tools are capable of infiltrating and taking control of any pre-Windows 10 computer. If you think that usage of old Windows computers should be dwindling by now, well, think again. Market research shows that older versions of Windows were used by more than 65 percent of desktop users surfing the web last month.
Most of the exploits are said to use zero-day vulnerabilities: previously unknown software flaws that hackers are already exploiting before the software makers are made aware of them.
Security expert Matthew Hickey, co-founder and director of cybersecurity firm Hacker House, is particularly troubled by the leaks and their scope. “In about an hour or so any attacker can download a simple toolkit to hack into Microsoft based computers around the globe,” he stated.
On April 14, Microsoft published a blog post stating that after analysis of the leaked tools dumped by the Shadow Brokers, it found that most of the exploits were already patched by security updates issued earlier. To protect against these hacks, Microsoft encourages customers to keep their computers up-to-date with the latest security patches.
Microsoft’s list of the leaked tools and the corresponding patches is as follows:

| Leaked tool | Patch status |
|---|---|
| “EternalBlue” | Addressed by MS17-010 |
| “EmeraldThread” | Addressed by MS10-061 |
| “EternalChampion” | Addressed by CVE-2017-0146 & CVE-2017-0147 |
| “ErraticGopher” | Addressed prior to the release of Windows Vista |
| “EskimoRoll” | Addressed by MS14-068 |
| “EternalRomance” | Addressed by MS17-010 |
| “EducatedScholar” | Addressed by MS09-050 |
| “EternalSynergy” | Addressed by MS17-010 |
| “EclipsedWing” | Addressed by MS08-067 |

Additionally, Microsoft said the three remaining exploits, “EnglishmanDentist,” “EsteemAudit,” and “ExplodingCan,” cannot be reproduced on supported versions of Windows – Windows 7 and later – and customers are advised to upgrade to a supported platform as soon as possible. Note: support for Windows Vista just ended recently.
As we always say, to protect yourself against zero-day attacks and security holes, make sure you apply the latest security updates and software versions as soon as possible. Also, if you’re running an outdated and unsupported version of an operating system, please stop using it and upgrade to a supported version.
Read Microsoft’s official blog post addressing the Shadow Brokers leaks here.