June 06, 2017

"The NSA’s EternalBlue exploit has been ported to Windows 10 by white hats, meaning that every unpatched version of the Microsoft operating system back to Windows XP—and likely earlier—can be affected by one of the most powerful attacks ever made public."

threatpost, by Michael Mimoso: 'Researchers at RiskSense, among the first to analyze EternalBlue, its DoublePulsar backdoor payload, and the NSA’s Fuzzbunch platform (think: Metasploit), said they would not release the source code for the Windows 10 port for some time, if ever.

'The proof of concept has been in the works since the ShadowBrokers’ April leak of Equation Group offensive hacking tools targeting Windows XP and Windows 7, as well as the development of a Metasploit module based on EternalBlue released two days after the WannaCry attacks. The best defense against EternalBlue, researchers maintain, is to apply the MS17-010 update provided in March by Microsoft.

'The researchers did today publish a report (PDF download) explaining what was necessary to bring the NSA exploit to Windows 10 and examining the mitigations implemented by Microsoft that can keep these attacks in check moving forward.

'“We’ve omitted certain details of the exploit chain that would only be useful to attackers and not so much for building defenses,” said senior research analyst Sean Dillon. “The research is for the white-hat information security industry in order to increase the understanding and awareness of these exploits so that new techniques can be developed that prevent this and future attacks. This helps defenders better understand the exploit chain so that they can build defenses for the exploit rather than the payload.”'
