Leaked NSA hacking tools can target all Windows versions from the past two decades
REMEMBER THOSE LEAKED NSA TOOLS? Well, they can now hack any version of Windows, not just older versions of Microsoft’s operating system.
Researcher Sean Dillon from cybersecurity firm RiskSense tweaked the source code of three nicked NSA exploits – EternalSynergy, EternalChampion and EternalRomance – to work against Windows versions dating back as far as Windows 2000.
Going by the name of ‘zerosum0x0’ on GitHub and Twitter (hat tip to Betanews for that), Dillon noted that his modified code exploits the CVE-2017-0143 and CVE-2017-0146 vulnerabilities in numerous unpatched versions of Windows.
MS17-010 #EternalSynergy #EternalRomance #EternalChampion exploit and auxiliary modules for @Metasploit. Support for Windows 2000 through 2016. I basically bolted MSF psexec onto @sleepya_ zzz_exploit. https://t.co/UnGA1u4gWe pic.twitter.com/Y9SMFJguH1
— zǝɹosum0x0 (@zerosum0x0) January 29, 2018
While other leaked hacking tools like EternalBlue have been credited with facilitating the likes of WannaCry and NotPetya, which affected systems running older versions of Windows like Windows 7, the modified exploits can be used against Windows 10 builds.
Windows 10 was originally thought to be immune to the stolen NSA tools leaked by hacker group Shadow Brokers. But unpatched versions of Redmond’s latest OS appear to be vulnerable to attacks that make use of the modified code, though no such attacks have been reported in the wild.
Naturally, ensuring Windows 10 is up-to-date and patched should make any systems running the software immune to the modified hacking tools. But older versions of Windows that are no longer supported by Microsoft could face attacks that put the modified NSA exploits to use if the operating systems are not updated with patches Redmond pushed out in March 2017.
Plonking his modified code on GitHub with the disclaimer that it’s intended for academic research and the development of cyber defences, Dillon said: “This module is highly reliable and preferred over EternalBlue where a Named Pipe is accessible for anonymous logins (generally, everything pre-Vista, and relatively common for domain computers in the wild).”
The trio of modified exploits also boast remote control and code execution features that could be used to wreak havoc on compromised machines.
If you’ve kept up with patches for more recent versions of Windows, then you should be safe from the exploits.
For companies with large and complex IT estates that aren’t all running the latest software, such modified exploits could cause a headache. Either way, such tweaks to the leaked NSA tools show that the Eternal family of exploits still has some life left in it; jeez, thanks for that NSA. µ
Source : Inquirer