Latest Exploit Dump By Shadow Brokers Contains Easy-To-Use Windows Exploits, Most Already Patched By Microsoft

from the menu-driven-God-Mode dept

The Shadow Brokers -- having failed to live up to half their name -- released more NSA exploits last week when it became apparent no one was willing to purchase the exploits from them. This dump was far more interesting than previous releases, as it contained a large number of Windows exploits and -- for some -- a very handy, easy-to-use front end for malware deployment.

This dump probably ruined a few Easter weekends at Microsoft, but not nearly as many as was first presumed. While the exploits targeted older versions of Windows, they would have caused trouble for government and corporate networks still relying on those versions. Those targeting unsupported versions are the most dangerous, as those holes will never be patched. They're also the ones with the smallest user bases, so that mitigates the damage somewhat.

As Marcy Wheeler points out, the NSA had plenty of time to warn Microsoft about unpatched holes prior to the Shadow Brokers' latest dump.

That’s a critical detail for the debate going on on Twitter and in chats about how shitty it was for SB to release these files on Good Friday, just before (or for those with generous vacation schedules, at the beginning of) a holiday weekend. While those trying to defend against the files and those trying to exploit them are racing against the clock and each other, it is not the case that the folks at NSA got no warning. NSA has had, at a minimum, 96 days of warning, knowing that SB could drop the files at any time.

The big question, of course, is whether NSA told Microsoft what the files targeted. Certainly, Microsoft had not fully responded to that warning, as hackers have already gotten a number of these files to work.

Unlike the CIA dump happening at Wikileaks, the NSA had a pretty good idea what was contained in the Shadow Brokers stash. Microsoft, however, says it was never contacted by the NSA or "any agency" about the exploits ahead of their release.

Despite this statement, the exploits appear to have already been patched by Microsoft.

Today, Microsoft triaged a large release of exploits made publicly available by Shadow Brokers. Understandably, customers have expressed concerns around the risk this disclosure potentially creates. Our engineers have investigated the disclosed exploits, and most of the exploits are already patched.

The most interesting patch on the list is MS17-010, released March 14th. It patched several remote code execution holes in older Windows versions. The test machines used to try the exploits didn't have these patches applied, which led to the mistaken conclusion that the vulnerabilities hadn't been fixed.
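The lesson in that mix-up is that "patched" has to be verified per host, not assumed. As an added PowerShell example (not code from the article or from Microsoft), the script below queries each host's registered updates for the KB articles that carried MS17-010 and reports which ones it finds. The KB list is an assumption on my part, recalled from the March 2017 bulletin; check it against the Microsoft Update Catalog before relying on it. Get-HotFix only lists updates registered with the OS, so a host that later received a cumulative update may not show the original KB; the script therefore reports "Unverified" rather than "Vulnerable" when nothing is found.

```powershell
# Added example, not from the article or from Microsoft: report whether each
# host carries one of the MS17-010 updates. The KB list is an assumption
# recalled from the March 2017 bulletin; check it against the Microsoft Update
# Catalog before relying on it.
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME)
)

# Assumed mapping of MS17-010 to the KB articles that shipped it (security-only
# update and monthly rollup per platform).
$Ms17010Kbs = @(
    'KB4012212', 'KB4012215',               # Windows 7 / Server 2008 R2
    'KB4012213', 'KB4012216',               # Windows 8.1 / Server 2012 R2
    'KB4012214', 'KB4012217',               # Server 2012
    'KB4012606', 'KB4013198', 'KB4013429',  # Windows 10 1507 / 1511 / 1607
    'KB4012598'                             # out-of-band fix for older versions
)

function Test-Ms17010 {
    param([string]$Computer)

    try {
        # Win32_QuickFixEngineering only lists updates registered with the OS.
        $installed = Get-HotFix -ComputerName $Computer -ErrorAction Stop |
            Select-Object -ExpandProperty HotFixID
    } catch {
        return [pscustomobject]@{
            Computer = $Computer
            Status   = 'Unknown'
            Evidence = "query failed: $($_.Exception.Message)"
        }
    }

    $hits = @($installed | Where-Object { $Ms17010Kbs -contains $_ })
    if ($hits.Count -gt 0) {
        $status   = 'Patched'
        $evidence = $hits -join ', '
    } else {
        # Absence is not proof: a later cumulative update can supersede the
        # original KB without listing it here. Treat the host as unverified
        # and confirm by another method before calling it safe.
        $status   = 'Unverified'
        $evidence = 'no MS17-010 KB registered'
    }

    [pscustomobject]@{ Computer = $Computer; Status = $status; Evidence = $evidence }
}

# Usage: .\Test-Ms17010.ps1                      (local machine)
#        .\Test-Ms17010.ps1 -ComputerName srv01, srv02
$ComputerName | ForEach-Object { Test-Ms17010 -Computer $_ } | Format-Table -AutoSize
```

Any host that comes back "Unverified" or "Unknown" belongs on a follow-up list, not a "done" list: the whole point of the article's anecdote is that a missing patch looked like a missing fix.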

But the patch notes say nothing about who disclosed the vulnerabilities, which makes it an anomaly. Microsoft's denial, combined with its blank "acknowledgements" page, suggests the NSA itself warned the company about the vulnerabilities. It seems unlikely Shadow Brokers would have given Microsoft a heads up, as it hadn't warned any other affected vendor up to this point.

If so, the Vulnerabilities Equities Process sort of works. I mean, the NSA held onto these as long as it could, but finally informed the affected party when it became apparent it might have to share its "exclusive" exploits with the rest of the world. Better late than never, and certainly better when delivered ahead of a very public disclosure.

What's in the latest dump is now mostly useless. But not completely useless. There are still plenty of machines running older Microsoft software that are still vulnerable, many of them possessed by corporations and government agencies. If the software is old enough, the security holes are permanent.

Not that those with the latest and greatest should rest easy. The NSA hasn't stopped producing and purchasing exploits. The SB stash was a few years old. Current Microsoft software remains under attack from state intelligence agencies and criminals. But this dump of tools shows just how powerful the NSA's toolkit is -- one made even more dangerous by its apparent ease of use. It makes exploit delivery possible for anyone, not just those with a very specific skillset.


Filed Under: 0days, exploits, hacks, nsa, shadow brokers, vep, vulnerabilities, vulnerabilities equities process, windows
Companies: microsoft


Reader Comments

  • ECA (profile), 17 Apr 2017 @ 4:23am

    Holes in Programming..

    YES, there are holes..
    MS made the programming language, and anyone can have a copy..
    Holes MS built into the OS..so they could SELL the ability to ADVERT TO YOU..and they move that hole back and forth.

    MANY could be fixed. with a few tricks, but would also BREAK what they wish to show you on the net..
    Separate the LANGUAGES..Take JAVA and Jscript, and OPEN its OWN window and SANDBOX IT.. but windows LOVES JS..

    In the internet you are running an EMULATOR that can/will read over 7 programming languages and display things to you and give you an ability to DO THINGS LIKE purchase from Amazon..

    THEN there is another FACT..MS keeps trying to Automate things...QUIT IT. it gets people in trouble. THINKING that people will ALWAYS PAY TO UPDATE/UPGRADE is asinine/STUPID....The first product they BUY they wish to keep FOREVER.. Thinking that YOU CAN DO BETTER, Isn't true.
    you have made people FORGET the old ways of programming and SERVER protection.. "Unless they KEEP things updated...you WONT do anything for them"... THE OLD SERVER OS's WORKED GREAT and were a PAIN to setup, but STILL WORK.. Once setup, you could UPDATE them, and not worry about WHAT you had setup, because it was PROPERLY setup and designed..NOT a WHOLE new convoluted, Whats this, wheres that..
    YOU HAD TO HAVE people who KNEW what and HOW things were done..

    INTEL could have updated your OLD hardware designs YEARS ago, but you said NO.. you could have been Multitasking in HARDWARE, not software..Multi CPU could have been around since 2000..you even bought NT..and DROPPED IT LIKE A ROCK after 2 iterations..

    THE NEW OS, is a compilation of TRYING to make an OS that works on ALL things..Tablet/phone/Console/Computer.. but it's NOT EASY and the hardware in Phones and Tablets is MORE ADVANCED and designed AS INTEL wanted to do in the past..

    The NEXT update to WINDOWS should be the HARDWARE and a NEW OS...PERIOD.. With a few changes you could Double or triple WHAT windows could do..

    • Baron von Robber, 17 Apr 2017 @ 6:48am

      Re: Holes in Programming..

      CAPS cap quota reached. Please insert another $5.

    • Anonymous Coward, 17 Apr 2017 @ 8:23am

      Re: Holes in Programming..

      "With a few changes you could Double or triple WHAT windows could do"

      A massive redesign of their operating system from scratch?
      Why would they want to do that? The majority of users don't even touch what it can do now.

      • ECA (profile), 17 Apr 2017 @ 12:18pm

        Re: Re: Holes in Programming..

        "A massive redesign of their operating system from scratch?
        Why would they want to do that? The majority of users don't even touch what it can do now."

        Just hardware..
        Where Multitasking SHOULD BE..
        Where parallel Processing can DO the JOB..
        Getting RID of IRQ, which was dead long ago..and hidden under layers of Scripts..

    • Anonymous Coward, 17 Apr 2017 @ 9:41am

      Re: Holes in Programming..

      Not sure where you are getting these "facts" but the "old ways of programming and SERVER protection" really sucked or in many cases were non-existent. When software breaks during an OS patch/upgrade because it was hard-coded to use a specific OS version number, I don't consider that to be a good thing and something we should go back to.

      Also, considering the fact that new OS's are magnitudes more secure than older ones and you can get more done with less time invested, I really do not see your point. In general automation and increased security are good things. And Microsoft has been moving more and more towards sandboxing applications, something older OS's did rarely if at all.

      You still have to have people who know how things are done, it's just that the way things are done is different now than from 20 - 30 years ago. Yes, setting up the old server OS's was a major pain, and because of it they were often set up incorrectly, which caused all kinds of stuff to not work right and/or be less secure than normal.

      The new OS's are much easier to set up correctly, you still have to know what you are doing, but there is less of a chance of setting up something wrong. A new Server 2012 domain, complete with AD, DHCP, and DNS can be spun up in a matter of hours and be configured correctly, functioning, and reasonably secure. The same cannot be said for older operating systems.

      It kind of sounds like you just want to re-live the "glory days" when you could do what you want because people were still figuring out how to use all these fancy new toys and didn't have to worry about things actually being secure and software being coded properly.

      • ECA (profile), 17 Apr 2017 @ 12:32pm

        Re: Re: Holes in Programming..

        There is 1 main point to Servers I'm suggesting more than anything..
        Automation..SUCKS..
        They have gotten rid of the Sysop/Admin..as much as possible.
        And it's funny, with the SONY servers in Brazil, that they Got away with TONS of data..

        Since you have an idea of what's happening, let's ASK how someone gets away with terabytes of DATA and no one noticed until it was too late??
        This should have been a restricted access..
        Sending a Bot out to ID the person connecting? At least let it PING Local Wan to Close the location..OR EVEN to ID the hardware to verify it's a proper person to BE THERE??
        Pick a Major contractor name of a server break in..and ask HOW it could be done..
        Names and numbers of persons Using the service LOST?? They could have broken up the Data file and Written it to multiple locations, and Hidden them..and only 1 program to PUT them back together..
        These are OLD tricks, and OLD protections that STILL WORK..

        It's either Laziness or Someone on the Inside taking advantage..And if you want WEIRD on this, it wouldn't surprise me if the GOV. has taken the idea to Gather personal info on ALL of us..either PAID or harassed corps to supply the data.

        Then the IDEA that using the internet as a SAFE way to access DATA and keep it safe? is STUPID..1000 monkeys will eventually Crack any site..

    • Anonymous Coward, 17 Apr 2017 @ 1:13pm

      Re: Holes in Programming..

      English 101 for conspiracy theorists, alt-right, sovereign citizens, and general all around paranoid nutters: all caps doesn't make your statements factual or anything more than an incoherent and ignorant rant that it is without the caps.

      There's so much wrong with this post that it would take two pages of rebuttal and a multi-page article on the history of the x86 hardware architecture to address.

      • ECA (profile), 17 Apr 2017 @ 2:14pm

        Re: Re: Holes in Programming..

        x86??
        I ain't talking about x86... THERE is better hardware out there.. and it sounds like you are STUCK with windows designed hardware from 1986..

        • Anonymous Coward, 17 Apr 2017 @ 2:25pm

          Re: Re: Re: Holes in Programming..

          Please enlighten us as to what this magical better hardware is that we are all so ignorant of.

  • Anonymous Coward, 17 Apr 2017 @ 4:42am

    The dump is the tip of the iceberg

    It's illustrative, not exhaustive -- and thus in part serves as effective advertising for Shadow Brokers, who are no doubt sitting on a stockpile of exploits against current versions of Windows (and everything else) that they're not about to share unless they're paid. And the NSA surely has its own stash, which may or may not overlap. And other vulnerability brokers, other government agencies, have theirs.

    If you're running Windows, MacOS, Android, or iOS, and you're a target, you're screwed. And increasingly, "Linux" needs to be in that sentence.

    • Anonymous Coward, 17 Apr 2017 @ 5:18am

      Re: The dump is the tip of the iceberg

      The current tin-foil conspiracy rumor is that the ShadowBrokers are just one guy who used to work for the NSA. From what I've read about it, the exploits that were taken stop at 2013.
      SB-wise, later holes may be safe, but since the NSA/FBI/ETC have to deploy their tools onto machines and seem to do a bad job of removing them afterwards, it's really hard to say who all may have found them, reverse engineered the code and redeployed it back into the wild.

  • bon voy age, 17 Apr 2017 @ 4:55am

    bonning voying and ageing

    "It makes exploit delivery possible for anyone, not just those with a very specific skillset."

    Really? Shows you just how the NSA works. Expensive talent to create new exploits, cheap labour to work the hustles. Probably a load of H-1B visa Indians doing the legwork.

  • discordian_eris (profile), 17 Apr 2017 @ 6:05am

    Seriously, some of the most feared hackers in the world are glorified script kiddies??? Damn, just...damn.

    • christenson, 17 Apr 2017 @ 9:51am

      Re: Exploit delivery for anyone

      We are *all* glorified script kiddies...just some of us know enough to write the scripts and discover new ones.

      Don't believe me? Turns out that's what most invention is all about...simplification so *all* the details don't have to be mastered. Programming is no different...I don't *have* to be able to program a website to browse and comment here on Techdirt, thank you Techdirt!

  • Anonymous Coward, 17 Apr 2017 @ 7:49am

    There are still plenty of machines running older Microsoft software that are still vulnerable, many of them possessed by corporations and government agencies. If the software is old enough, the security holes are permanent.

    It doesn't even need to be all that old. Microsoft bungled the Windows 10 public relations rollout so badly that some small shops adopted a policy banning all future Windows updates, consequences be damned, in the hope of preventing the unwanted conversion to Windows 10. The Windows 10 privacy disaster only reinforced that position. Those shops are now vulnerable even to things that Microsoft actually does fix on downlevel platforms, because Microsoft so utterly ruined its credibility in its zeal to forcibly convert everyone to Windows 10.

    • Roger Strong (profile), 17 Apr 2017 @ 8:55am

      Re:

      We set up a couple Server 2008 machines well after Server 2012 was released, because that's what the big international vendor required for their brand new freight management system.

      And so seven years after Server 2008 was released, asking to replace those machines was a non-starter because "we just got them."

      That's how things work in the real world.
