…turn off your Windows computers for the weekend and go enjoy the nice weather!
UPDATE: Microsoft response that exploits were patched in the last month update:
Most of the exploits that were disclosed fall into vulnerabilities that are already patched in our supported products. Below is a list of exploits that are confirmed as already addressed by an update. We encourage customers to ensure their computers are up-to-date.
- “EternalBlue”Addressed by MS17–010
- “EmeraldThread”Addressed by MS10–061
- “EternalChampion”Addressed by CVE-2017–0146 & CVE-2017–0147
- “ErraticGopher”Addressed prior to the release of Windows Vista
- “EsikmoRoll”Addressed by MS14–068
- “EternalRomance”Addressed by MS17–010
- “EducatedScholar”Addressed by MS09–050
- “EternalSynergy”Addressed by MS17–010
- “EclipsedWing”Addressed by MS08–067
Of the three remaining exploits, “EnglishmanDentist”, “EsteemAudit”, and “ExplodingCan”, none reproduces on supported platforms, which means that customers running Windows 7 and more recent versions of Windows or Exchange 2010 and newer versions of Exchange are not at risk. Customers still running prior versions of these products are encouraged to upgrade to a supported offering.
Microsoft response that ShadowBrokers exploits were patched in the last month updates – MS17-010 ETERNALBLUE – https://t.co/jfBw1z8g1f
— Hacker Fantastic (@hackerfantastic) April 15, 2017
Shadowbrokers released a number of Windows related exploits.
One that looks in particular interesting as it promises an exploit via SMB for Windows hosts up to Windows 8 and Windows Server 2012, was published under the name “ETERNALBLUE”.
Here some downloads of exploits (only binaries, not sourcecode):
- ETERNALBLUE 2.2.0 Windows 2008 R2 SMBv1 Zero Day Exploit ≈ Packet Storm
- ETERNALSYNERGY 1.0.1 SMBv3 Remote Code Execution Exploit ≈ Packet Storm
- ETERNALROMANCE 1.3.0 Windows XP / 2003 / Vista / 7 / 8 / 2008 / 2008 R2 SMB1 Exploit ≈ Packet Storm
- ETERNALROMANCE 1.4.0 Windows XP / 2003 / Vista / 7 / 8 / 2008 / 2008 R2 SMB1 Exploit ≈ Packet Storm
At the time the information is not many, and the voices chasing each other:
If you don't work in IT, turn off your Windows computers for the weekend and go enjoy the nice weather. The zoo is nice. Or the beach. https://t.co/9j0zOOnCGi
— Lesley Carhart (@hacks4pancakes) April 14, 2017
— Hacker Fantastic (@hackerfantastic) April 14, 2017
Guess EternalBlue works well Exploit Win 7 VM -> Verify Backdoor Installed- Remove Backdoor -> Confirmed Removed pic.twitter.com/JpdbhyAkqt
— Justin (@HackingLZ) April 14, 2017
— Matt Suiche (@msuiche) April 14, 2017
— 0xba3ba4 (@0xba3ba4) April 14, 2017