Latest Exploit Dump By Shadow Brokers Contains Easy-To-Use Windows Exploits, Most Already Patched By Microsoft
from the menu-driven-God-Mode dept
The Shadow Brokers -- having failed to live up to half their name -- released more NSA exploits last week when it became apparent no one was willing to purchase the exploits from them. This dump was far more interesting than previous releases, as it contained a large number of Windows exploits and -- for some -- a very handy, easy-to-use front end for malware deployment.
This dump probably ruined a few Easter weekends at Microsoft, but not nearly as many as was first presumed. While the exploits targeted older versions of Windows, they would have caused trouble for government and corporate networks still relying those versions. Those targeting unsupported versions are the most dangerous, as those holes will never be patched. They're also the ones with the smallest user bases, so that mitigates the damage somewhat.
As Marcy Wheeler points out, the NSA had plenty of time to warn Microsoft about unpatched holes prior to the Shadow Brokers' latest dump.
That’s a critical detail for the debate going on on Twitter and in chats about how shitty it was for SB to release these files on Good Friday, just before (or for those with generous vacation schedules, at the beginning of) a holiday weekend. While those trying to defend against the files and those trying to exploit them are racing against the clock and each other, it is not the case that the folks at NSA got no warning. NSA has had, at a minimum, 96 days of warning, knowing that SB could drop the files at any time.
The big question, of course, is whether NSA told Microsoft what the files targeted. Certainly, Microsoft had not fully responded to that warning, as hackers have already gotten a number of these files to work.
Unlike the CIA dump happening at Wikileaks, the NSA had a pretty good idea what was contained in the Shadow Brokers stash. Microsoft, however, says it was never contacted by the NSA or "any agency" about the exploits ahead of their release.
Despite this statement, the exploits appear to have already been patched by Microsoft.
Today, Microsoft triaged a large release of exploits made publicly available by Shadow Brokers. Understandingly, customers have expressed concerns around the risk this disclosure potentially creates. Our engineers have investigated the disclosed exploits, and most of the exploits are already patched.
The most interesting patch on the list is MS17-010, released March 14th. It patched several remote code execution holes in older Windows versions. These patches weren't applied to test machines, resulting in the mistaken conclusion these vulnerabilities hadn't been fixed.
But the patch notes say nothing about who disclosed the vulnerabilities, which makes it an anomaly. Microsoft's denial, combined with its blank "acknowledgements" page, suggests the NSA itself warned the company about the vulnerabilities. It seems unlikely Shadow Brokers would have given Microsoft a heads up, as it hadn't warned any other affected vendor up to this point.
If so, the Vulnerabilities Equity Process sort of works. I mean, the NSA held onto these as long as it could, but finally informed the affected party when it became apparent it might have to share its "exclusive" exploits with the rest of the world. Better late than never, and certainly better when delivered ahead of a very public disclosure.
What's in the latest dump is now mostly useless. But not completely useless. There are still plenty of machines running older Microsoft software that are still vulnerable, many of them possessed by corporations and government agencies. If the software is old enough, the security holes are permanent.
Not that those with the latest and greatest should rest easy. The NSA hasn't stopped producing and purchasing exploits. The SB stash was a few years old. Current Microsoft software remains under attack from state intelligence agencies and criminals. But this dump of tools shows just how powerful the NSA's toolkit is -- one made even more dangerous by its apparent ease of use. It makes exploit delivery possible for anyone, not just those with a very specific skillset.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: 0days, exploits, hacks, nsa, shadow brokers, vep, vulnerabilities, vulnerabilities equities process, windows
Companies: microsoft
Reader Comments
Subscribe: RSS
View by: Time | Thread
Holes in Programming..
MS made the programming language, and anyone can have a copy..
Holes MS built into the OS..so they could SELL the ability to ADVERT TO YOU..and they move that hole back and forth.
MANY could be fixed. with a few tricks, but would also BREAK what they wish to show you on the net..
Separate the LANGUAGES..Take JAVA and Jscript, and OPEN its OWN window and SANDBOX IT.. but windows LOVES JS..
In the internet you are running an EMULATOR that can/will read over 7 programming languages and display things to you and give you an ability to DO THINGS LIKE purchase from Amazon..
THEN there is another FACT..MS keeps trying to Automate things...QUIT IT. it gets people in trouble. THINKING that people will ALWAYS PAY TO UPDATE/UPGRADE is asinine/STUPID....The first product they BUY they wish to keep FOREVER.. Thinking that YOU CAN DO BETTER, Isnt true.
you have made people FORGET the old ways of programming and SERVER protection.. "Unless they KEEP things updated...you WONT do anything for them"... THE OLD SERVER OS's WORKED GREAT and were a PAIN to setup, but STILL WORK.. Once setup, you could UPDATE them, and not worry about WHAT you had setup, because it was PROPERLY setup and designed..NOT a WHOLE new convoluted, Whats this, wheres that..
YOU HAD TO HAVE people who KNEW what and HOW things were done..
INTEL could have updated your OLD hardware designs YEARS ago, but you said NO.. you could have been Multitasking in HARDWARE, not software..Multi CPU could have been around since 2000..you even bought NT..and DROPPED IT LIKE A ROCK after 2 itinerations..
THE NEW OS, is a compilation of TRYING to make an OS that works on ALL things..Tablet/phone/Console/Computer.. but its NOT EASY and the hardware in Phones and Tablets is MORE ADVANCED and designed AS INTEL wanted to do in the past..
The NEXT update to WINDOWS should be the HARDWARE and a NEW OS...PERIOD.. With a few changes you could Double or triple WHAT windows could do..
[ link to this | view in chronology ]
Re: Holes in Programming..
[ link to this | view in chronology ]
Re: Holes in Programming..
A massive redesign of their operating system from scratch?
Why would they want to do that? The majority of users don't even touch what it can do now.
[ link to this | view in chronology ]
Re: Re: Holes in Programming..
Why would they want to do that? The majority of users don't even touch what it can do now."
Just hardware..
Where Multitasking SHOULD BE..
Where parallel Processing can DO the JOB..
Getting RID of IRQ, which was dead long ago..and hidden under layers of Scripts..
[ link to this | view in chronology ]
Re: Holes in Programming..
Also considering the fact that new OS's are magnitudes more secure than older ones and you can get more done with less time invested, I really do not see your point. In general automation and increased security are good things. And Microsoft has been moving more and more towards sandboxing applications, something older OS's did rarely if at all.
You still have to have people who know how things are done, it's just that the way things are done is different now than from 20 - 30 years ago. Yes setting up the old server OS's were a major pain, and because of it were often set up incorrectly which caused all kinds of stuff to not work right and/or be less secure than normal.
The new OS's are much easier to set up correctly, you still have to know what you are doing, but there is less of a chance of setting up something wrong. A new Server 2012 domain, complete with AD, DHCP, and DNS can be spun up in a matter of hours and be configured correctly, functioning, and reasonably secure. The same cannot be said for older operating systems.
It kind of sounds like you just want to re-live the "glory days" when you could do what you want because people were still figuring out how to use all these fancy new toys and didn't have to worry about things actually being secure and software being coded properly.
[ link to this | view in chronology ]
Re: Re: Holes in Programming..
Automation..SUCKS..
They have gotten rid of the Sysop/Admin..as much as possible.
And its funny, with the SONY servers in Brazil, that they Got away with TONS of data..
Since you have an idea of whats happening, lets ASK how someone gets away with terabytes of DATA and no one noticed until it was to late??
This should have been a restricted access..
Sending a Bot out to ID the person connecting? At least let it PING Local Wan to Close the location..OR EVEn to ID the hardware to verify its a proper person to BE THERE??
Pick a Major contractor name of a server break in..and ask HOW it could be done..
Names and numbers of persons Using the service LOST?? They could of broken up the Data file and Written it to multiple locations, and Hidden them..and only 1 program to PUT them back together..
These are OLD tricks, and OLD protections that STILL WORK..
It either Laziness or Someone on the Inside taking advantage..And if you want WEIRD on this, it wouldnt surprise me if the GOV. has taken the idea to Gather personal info on ALL of us..either PAID or harassed corps to supply the data.
Then the IDEA that using the internet as a SAFE way to access DATA and keep it safe? is STUPID..1000 monkeys will eventually Crack any site..
[ link to this | view in chronology ]
Re: Holes in Programming..
There's so much wrong with this post that it would take two pages of rebuttal and a multi-page article on the history of the x86 hardware architecture to address.
[ link to this | view in chronology ]
Re: Re: Holes in Programming..
I aint talking about x86,,,THERE is better hardware out there.. and it sounds like you are STUCK with windows designed hardware from 1986..
[ link to this | view in chronology ]
Re: Re: Re: Holes in Programming..
[ link to this | view in chronology ]
The dump is the tip of the iceberg
If you're running Windows, MacOS, Android, or iOS, and you're a target, you're screwed. And increasingly, "Linux" needs to be in that sentence.
[ link to this | view in chronology ]
Re: The dump is the tip of the iceberg
SB wise later holes may be safe but since the NSA/FBI/ETC have to deploy their tools onto machines and seem to do a bad job of removing them afterwards it's really hard to say who all may have found them, reverse engineered the code and redeployed it back into the wild.
[ link to this | view in chronology ]
bonning voying and ageing
Really? Shows you just how the nsa works. expensive talent to create new exploits, cheap labour to work the hussels. probably a load of hb1 visa indians doing the legwork.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re: Exploit delivery for anyone
Don't believe me? Turns out that's what most invention is all about...simplification so *all* the details don't have to be mastered. Programming is no different...I don't *have* to be able to program a website to browse and comment here on Techdirt, thank you Techdirt!
[ link to this | view in chronology ]
It doesn't even need to be all that old. Microsoft bungled the Windows 10 public relations rollout so badly that some small shops adopted a policy banning all future Windows updates, consequences be damned, in the hope of preventing the unwanted conversion to Windows 10. The Windows 10 privacy disaster only reinforced that position. Those shops are now vulnerable even to things that Microsoft actually does fix on downlevel platforms, because Microsoft so utterly ruined its credibility in its zeal to forcibly convert everyone to Windows 10.
[ link to this | view in chronology ]
Re:
And so seven years after Server 2008 was released, asking to replace those machines was a non-starter because "we just got them."
That's how things work in the real world.
[ link to this | view in chronology ]