ShadowBrokers releases some 0-Day Remote Code Execution exploits on Microsoft Windows…

…turn off your Windows computers for the weekend and go enjoy the nice weather!

UPDATE: Microsoft has responded that the exploits were patched in last month's update:

Most of the exploits that were disclosed fall into vulnerabilities that are already patched in our supported products. Below is a list of exploits that are confirmed as already addressed by an update. We encourage customers to ensure their computers are up-to-date.

Of the three remaining exploits, “EnglishmanDentist”, “EsteemAudit”, and “ExplodingCan”, none reproduces on supported platforms, which means that customers running Windows 7 and more recent versions of Windows or Exchange 2010 and newer versions of Exchange are not at risk. Customers still running prior versions of these products are encouraged to upgrade to a supported offering.

Protecting customers and evaluating risk


ShadowBrokers released a number of Windows-related exploits.
One looks particularly interesting: published under the name “ETERNALBLUE”, it promises an exploit via SMB for Windows hosts up to Windows 8 and Windows Server 2012.

Here are some downloads of the exploits (binaries only, no source code):


At the moment there is not much information, and rumors are chasing one another:
