« previous next »
Pages: [1]

Author Topic: NSA’s chest of Windows exploits leaked, affects Windows 2000 to 8 and more  (Read 170 times)

Offline javajolt

  • Administrator
  • Hero Member
  • *****
  • Posts: 35250
  • Gender: Male
  • I Do Windows
    • windows10newsinfo.com
NSA’s chest of Windows exploits leaked, affects Windows 2000 to 8 and more
« on: April 16, 2017, 04:37:04 AM »
Shadow Brokers, a hacking group, has released a treasure trove of zero-day exploits used by the United States’ National Security Agency (NSA). Amongst these exploits, which include a potential breach of the Swift banking system, is exploits for many of Microsoft’s previous operating systems, both consumer and server editions.

The operating systems affected include:

■ Windows 2000

■ Windows XP

■ Windows 7

■ Windows 8

Additionally and more importantly to businesses, the following Windows server editions are affected:

■ Windows Server 2000

■ Windows Server 2003

■ Windows Server 2008 and 2008 R2

■ Windows Server 2012

So far, Windows 10 has not been discovered as having any zero-day exploits in this latest leak, however, that’s not to say the NSA doesn’t have other caches of tools.

The BBC questioned Microsoft over the exploits discovered in this leak and gave the following statement, saying that they are “reviewing the report and will take the necessary actions to protect our customers”.

source:onmsft
Logged

Offline javajolt

  • Administrator
  • Hero Member
  • *****
  • Posts: 35250
  • Gender: Male
  • I Do Windows
    • windows10newsinfo.com
NSA’s chest of Windows exploits leaked, affects Windows 2000 to 8 and more
« Reply #1 on: April 16, 2017, 04:54:21 AM »
Microsoft has now published a response to this leak by providing information on how its products are affected, the steps to secure them and which patches are in place.

The following is a table that shows the name of the exploit and how Microsoft has resolved it. Most of the exploits were resolved a number of years ago, whereas some are just a month ago.

Quote
Code Name              Solution

“EternalBlue”           Addressed by MS17-010

“EmeraldThread”      Addressed by MS10-061

“EternalChampion”   Addressed by CVE-2017-0146 & CVE-2017-0147

“ErraticGopher”       Addressed prior to the release of Windows Vista

“EsikmoRoll”           Addressed by MS14-068

“EternalRomance”   Addressed by MS17-010

“EducatedScholar”   Addressed by MS09-050

“EternalSynergy”     Addressed by MS17-010

“EclipsedWing”        Addressed by MS08-067

More importantly, it has been found that despite earlier reports that Windows 10 was not affected, “EternalChampion” affected both Windows 10 32-bit and 64-bit. Fortunately, a patch for this has already been released.

There were 3 additional exploits, “EnglishmanDentist”, “EsteemAudit” and “ExplodingCan” that could not be reproduced on supported versions of Windows by Microsoft’s engineers, thus no patches have been released for these issues. To ensure protection against these, Microsoft is urging customers to upgrade to a supported version of Windows, so that they have the latest security updates that are available.

source:onmsft
Logged

Pages: [1]
« previous next »