Microsoft claims Shadow Broker dump is toothless

April 18, 2017 | 07:53

Tags: #exploit #insecurity #microsoft #security #vulnerabilities #vulnerability #windows

Companies: #microsoft #national-security-agency #nsa

Software giant Microsoft has sought to reassure its users following the release of multiple exploit programmes purportedly stolen from the archives of the US National Security Agency (NSA), claiming that the vast majority have long been patched and that the remainder are unexploitable on the latest Windows releases.

The release, the latest cache of files from notorious underground security firm The Shadow Brokers, contained exploitation tools for what were claimed to be active vulnerabilities in common Windows releases. The group is famed for a failed attempt to auction off exploit code allegedly obtained from the National Security Agency (NSA), which it is now distributing piecemeal for free. The cache caused a considerable stir late last week, with concerns that the flaws targeted could be trivially exploited by ne'er-do-wells to take control of even the most up-to-date Windows system. Thankfully, Microsoft claims, the truth is very different to the tabloid narrative: none of the exploit code will work properly on a fully-patched Windows system.

The tools released by The Shadow Brokers stretch back multiple years, but the majority have long been fixed - and without, the company claims, any contact from the NSA, an indication that the organisation has not been adhering to Obama-era laws on the disclosure of security vulnerabilities discovered by governmental organisations. In total, nine vulnerabilities - targeted by tools codenamed EternalBlue, EmeraldThread, EternalChampion, ErraticGopher, EskimoRoll, EternalRomance, EducatedScholar, EternalSynergy, and EclipsedWing - have been resolved by standard security updates from 2008 onwards. The most recent of these, EternalSynergy and EternalChampion, were fixed in a patch dated March this year - one month prior to The Shadow Brokers' release.

Three remaining exploit tools in the bundle, however, may potentially still be a hazard for those who have not yet upgraded to Microsoft's latest and greatest operating systems. 'Of the three remaining exploits, “EnglishmanDentist”, “EsteemAudit”, and “ExplodingCan”, none reproduces on supported platforms, which means that customers running Windows 7 and more recent versions of Windows or Exchange 2010 and newer versions of Exchange are not at risk,' explained Microsoft's Phillip Misner, of the company's Security Response Centre, in an announcement on the matter. For those who are not running a supported version and are therefore at risk of exploitation, Misner has one simple and obvious bit of advice: 'Customers still running prior versions of these products are encouraged to upgrade to a supported offering.'

Full details of the patches which resolve the exploited vulnerabilities can be found in links from the announcement blog post.