Slashdot Mirror


WannaCry Exploit Could Infect Windows 10 (threatpost.com)

msm1267 writes: EternalBlue, the NSA-developed attack used by criminals to spread WannaCry ransomware last month, has been ported to Windows 10 by security researchers. The publicly available version of EternalBlue leaked by the ShadowBrokers targets only Windows XP and Windows 7 machines. Researchers at RiskSense who created the Windows 10 version of the attack were able to bypass mitigations introduced by Microsoft that thwart memory-based code-execution attacks. These mitigations were introduced prior to a March security update from Microsoft, MS17-010, and any computer running Windows that has yet to install the patch is vulnerable. You can read the researchers' report here (PDF), which explains what was necessary to bring the NSA exploit to Windows 10.

52 comments

  1. And Monkeys COULD fly outta my butt by Anonymous Coward · · Score: 0

    Butt, butt, that won't happen to ME.

    1. Re:And Monkeys COULD fly outta my butt by jfdavis668 · · Score: 4, Funny

      You still use Windows ME?

    2. Re:And Monkeys COULD fly outta my butt by Opportunist · · Score: 1

      Probably not, but who'd trade being safe from one problem for every other problem that could possibly be wrong with software?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    3. Re:And Monkeys COULD fly outta my butt by mspohr · · Score: 2

      Hey, you insensitive clod, I used Windows ME.
      ME was the last version of Windows I used.
      It was so bad, I switched to Linux (and Mac) and haven't looked back.
      I know people are slow and stupid but I can't believe that they keep using Windows. They must be masochists.

      --
      I don't read your sig. Why are you reading mine?
    4. Re:And Monkeys COULD fly outta my butt by WallyL · · Score: 1

      Or uninformed and don't want to take the time to make better choices.

  2. WAIT, WAIT by JustAnotherOldGuy · · Score: 3, Interesting

    But Microsoft said that Windows 10 was "the safest Windows ever", EVER!

    --
    Just cruising through this digital world at 33 1/3 rpm...
    1. Re:WAIT, WAIT by Anonymous Coward · · Score: 2, Insightful

      If you allow Windows Update to do its job*.
      But considering that a great many morons out there think disabling updates = "I'm a man now! I stopped Microsoft!",
      well, they are at risk.

    2. Re:WAIT, WAIT by Opportunist · · Score: 3, Funny

      That's like being the best dressed hobo.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    3. Re:WAIT, WAIT by Anonymous Coward · · Score: 0

      *: Windows Update's job is to serve Microsoft's interest.

      If it also serves your interest, well, that's a lucky coincidence, but, it's nothing more than a coincidence.

    4. Re:WAIT, WAIT by Anonymous Coward · · Score: 0

      It is. Remember when you lost all your work back in March because Windows 10 rebooted to install patches? That's when you got protected against this exploit.

    5. Re:WAIT, WAIT by Anonymous Coward · · Score: 0

      Then there's morons like you who don't seem to care that Microsoft is all the way up your ass so far you can TASTE them 24/7/365.

      Trading freedom for (the illusion of) security
      Getting precisely what you deserve (neither)

      Do the human race a favor and go get yourself sterilized so you don't pass on your obviously defective genes.

    6. Re:WAIT, WAIT by chuckugly · · Score: 1

      > Then there's morons like you who don't seem to care that Microsoft is all the way up your ass so far you can TASTE them 24/7/365.

      So, for 7 years more or less?

    7. Re:WAIT, WAIT by fustakrakich · · Score: 0

      I would like to test that theory, but I don't have any hardware lying around that will run Windows 3.1

      --
      “He’s not deformed, he’s just drunk!”
    8. Re: WAIT, WAIT by Anonymous Coward · · Score: 0, Insightful

      Real men use Linux.

    9. Re:WAIT, WAIT by Anonymous Coward · · Score: 0

      That's what VMs are for fam. Pretty sure you can even install it in dosbox if you want.

      OTOH getting the internet to work with it is a whole thing apparently.

    10. Re:WAIT, WAIT by Anonymous Coward · · Score: 0

      That's a little extreme don't you think? I'm all for a good old fashioned M$ pitchfork brigade but for fuck sakes. Can we really argue that declining security updates and being left vulnerable is actually a good idea? If you're going to do that, do yourself and the world a favor and just not use Windows at all.

    11. Re:WAIT, WAIT by Anonymous Coward · · Score: 0

      It makes no difference WHO exactly is selling your data to whom. So this time it's men in suits, and not men in hoodies... The "security updates" meme is nice, but the reality is far more nuanced than that. There are several scenarios where updates from Microsoft are just cancer. And, with a good two-way firewall and protocol+endpoint isolation, un-updated Windows is quite okay.

        Let me reiterate: you do not retain the right to run code on my machine, just cos you made the OS and the certificates in it.

    12. Re:WAIT, WAIT by SuperDre · · Score: 0

      No OS is safe if you don't update it regularly. MacOS and Linux are also very unsafe if you don't keep them updated; it's not like those OSes are any safer than current Windows is. The only reason those seem to be safer is that they still don't have enough (dumb) users for hackers to target them.

    13. Re:WAIT, WAIT by esperto · · Score: 1

      It is not like they are setting the bar that high...

    14. Re:WAIT, WAIT by gravewax · · Score: 2

      Well, considering it was well and truly patched months before a successful exploit could be developed, I would say their argument there is still pretty good.

    15. Re:WAIT, WAIT by Anonymous Coward · · Score: 0

      Then don't blame Microsoft when an exploit compromises a computer that would have otherwise been safe if updates were applied.

    16. Re:WAIT, WAIT by Anonymous Coward · · Score: 0

      I decide when to update my Ubuntu, and the updates are downloaded when I say so. Just one ping to the update servers once in a while.
      My Windows 10 box tries to get updates every hour and calls home constantly; it runs services just "because maybe" and starts apps in "suspended state" now and then. Win 10 is disruptive whenever I'm working or gaming; I don't have that experience with Linux.
      So overall my Linux box is safer because I'm not pushed into disabling and blocking things in order to actually use it.

    17. Re:WAIT, WAIT by gravewax · · Score: 1

      If you want full control then set up a WSUS server; you can have full control over the update and call-home abilities if you really need it. The reality is most users are better off with no control, as control is what created the huge fucking mess of unpatched machines with previous versions, where so-called friends advised friends to turn off updates, or they read somewhere that updates were dangerous, or they made the mistake of reading Slashdot, where every conspiracy theory known to man is posted as fact.

    18. Re:WAIT, WAIT by Anonymous Coward · · Score: 0

      > you can have full control over the update and call home abilities if you really need it.

      Helloooo, I buy my machines to do work or gaming, not friggin' eternal updating. So yes, I *really* need to disable things that cause lag or eat memory.

      > The reality is most users are better off with no control as control is what created the huge fucking mess of unpatched machines with previous versions where so-called friends advised friends to turn off updates or they read it somewhere that updates were dangerous or they made the mistake of reading Slashdot where every conspiracy theory known to man is posted as fact.

      The reality is that microsoft has perverted the "update things", the "install things" and the "we may know what things you may want to use".

      Some people may like to procrastinate configuring Windows instead of watching cat videos.
      Like: tweak Policies, Options, Registry, Install XX, Install YYY...

      "ain't nobody got time for that"

      So the short answer is "disable updates".

    19. Re:WAIT, WAIT by Anonymous Coward · · Score: 0

      > Helloooo I buy my machines to do work or gaming, not friggin eternal updating. So yes I *really* need to disable things that cause lag or eats memory.

      Then don't fucking complain when you get exploited and infected with viruses. Clueless morons like you are what has forced them to go down this road in the first place; you claim you care about what is running but can't be bothered to spend a few minutes to do things correctly, yet will bitch about how it doesn't work.

  3. Vista and 8.1 by yoda-dono · · Score: 2

    What does this mean for Windows versions other than XP, 7 or 10?

  4. M$'s continual bandaid solutions continue to fail by Indy1 · · Score: 4, Insightful

    Bullshitware like UAC (which stops zero malware in just about every security study I've read), or secure boot, or any other number of "security" theater that M$ comes up with, they all end up failing horribly.

    There's no substitute for designing things securely.

    --
    Lawyers, MBA's, RIAA? A jedi fears not these things!
  5. most interesting quote by Anonymous Coward · · Score: 1

    "Heap spray attacks are probably one of the most esoteric types of exploitation and this is for Windows, which does not have source code available, ... Performing a similar heap spray on Linux is difficult, but easier than this"

  6. PCMatic by Anonymous Coward · · Score: 0

    3.0!

  7. "Researchers"?! by Anonymous Coward · · Score: 0

    I thought what these "researchers" did was illegal? Now they are even advertising it.

    1. Re:"Researchers"?! by Anonymous Coward · · Score: 1

      It's not illegal to demonstrate flaws in a system. As a consumer, all you have to do is apply this algorithm:

      while (there exists an unpatched flaw in my computer) { keep computer turned off }

  8. So is win10 Vulnerable? by old_kennyp · · Score: 2

    the OP said that "were able to bypass mitigations introduced by Microsoft that thwart memory-based code-execution attacks"
    but then goes on to say that if patched it is safe?

    Does the vulnerability affect both patched and unpatched installs?

    1. Re:So is win10 Vulnerable? by AHuxley · · Score: 1

      Page 12 of the linked PDF shows what could happen under the "Version of Microsoft Windows 10" part. Page 2 has the Executive Summary.
      The problem is not that any MS product is "safe"; it's that a US gov product in the wild could be used in creative ways.

      --
      Domestic spying is now "Benign Information Gathering"
    2. Re:So is win10 Vulnerable? by Targon · · Score: 1

      The design of Windows 10 helps to prevent these TYPES of attacks, but even then, some vulnerabilities will always be found over time. Patches released back in March of 2017 fixed the problem, unless the OP is talking about a new version that bypasses the FIX that Microsoft released. That is what isn't clear.

  9. Unpatched OS is vulnerable to modern exploits by Anonymous Coward · · Score: 2, Insightful

    Film at 11.

    Look, if you bent over backwards (because you have to bend over backwards, to prevent W10 from updating itself without so much as asking) to disable updates, and then didn't bother to check and manage updates yourself... then what did you frickin' expect to happen?

  10. NOTHING NEW HERE!~ by Anonymous Coward · · Score: 0

    This was KNOWN when the first attacks were being reported. Where the FUCK have you been?

  11. Re:M$'s continual bandaid solutions continue to fa by Anonymous Coward · · Score: 2, Interesting

    UAC is a failed attempt at replicating sudo* as it's missing fine grained control. UAC is also integrated into the Windows APIs in a way that causes a lot of problems for older software*.

    Secure Boot is malware, not a security system. If the person who bought the damn thing is told "I have another master" or "You're not my master"*, it's not a security system.

    The TPM crap that they heavily backed is also another "You're not my master" malware package.

    Their automatic updates crap as of late, causes more problems than it helps. (Use computer, go to bed, wake up, annnnnddd.... it's gone!) Nevermind undermining it for spying purposes.

    > There's no substitute for designing things securely.

    They are designing it to be insecure, intentionally. They never had any intention of it being secure for you, just themselves. Of course it's failing horribly for you. It's supposed to.

    *sudo is meant to allow administrators to assume the user ID of the super user (uid 0) for a task (and anything it spawns). UAC doesn't actually perform this task. (See also the Windows "runas" command.)

    *sudo just changes the effective uid for a process, and therefore can be implemented without even recompiling anything. UAC, however, changes the APIs, and anything that doesn't conform to its changes, or isn't expecting them, may not run at all or just outright crash. (It's heavily integrated into the File and Folder Redirection component.) UAC also tries to "detect" when a program tries to perform a privileged task (sudo simply doesn't run when the program does, and therefore the program's behavior is not altered) and displays an authorization prompt on the secure desktop. This prompt doesn't work in a lot of cases, though (anything run from the CLI unless it performs elevation itself, and any non-user-initiated task (user SID is not used by the program)), and the results are typically not pretty.

    *Secure Boot Note: Yes, most secure boot implementations allow the end user to change the key or disable it, but I've only seen one implementation where changing the key didn't involve disabling it, then boot to a command prompt to install the new key. (Some ASUS laptops have an option in their firmware to load a new PK.) Of course another issue is the "One Key to rule them all" design failure, which MS disregarded as an issue. Probably (as predicted long ago...) for when MS decides to throw the switch and make the MS Store the only valid software source for Windows. (Which is a real possibility now, all it would take is one firmware update (remove the disable secure boot / change key options) and one update to Windows sent out by the Windows Update Service.)

  12. Re:M$'s continual bandaid solutions continue to fa by Anonymous Coward · · Score: 1

    > secure boot

    When Secure Boot is enabled, and supported by the underlying OS, it defeats Evil Maid. It also defeats surreptitious replacement of one's bootloader and OS kernel. Something that defeats whole classes of attacks isn't bullshitware.

    > UAC

    UAC is no less effective than sudo. Because of Windows' Window Stations UAC is -in fact- superior to every X11-based GUI for sudo. (On X11 systems, anyone running as the same user running the sudo elevation GUI can sniff the keystrokes entered in that GUI. On Windows, UAC happens in an isolated session. You'd have to have installed a root-level keylogger to sniff those keystrokes... and if you've got root you can do _far_ more interesting things than sniffing someone's password.)

    Of course, the big caveat for _every_ security measure is that if a First World Nation-state is after _you_, specifically, there's very little you can do to stop them forever. They have effectively infinite money and people at their disposal.

    I'm surprised that someone with such a low UID would be so confused about fundamental computer security issues!

  13. Ok then by Sycraft-fu · · Score: 2

    Please explain what needs to be done to "design things securely." Explain what specific sort of technical controls should be put in place in a kernel to prevent attacks. Make sure you aren't listing ones that they have already implemented, such as NX memory regions (which is what DEP is), and also make sure you aren't listing things you like in other OSes that are done in Windows under a different name, like separate user/superuser privilege (which is what UAC is for). Let's hear these brilliant, 100% effective solutions you have. I mean you clearly must know how, since you are so sure Microsoft doesn't do it, right?

    Or if not, kindly stuff it and quit blathering on about shit you don't know anything about. Maybe go take a SANS course and get a handle on how there is NO perfect security, anywhere, period, and it is all incremental, all about making things harder for adversaries.

    For that matter you could even start at reading the linked article which says "Performing a similar heap spray on Linux is difficult, but easier than this. A lot of work went into this."

    1. Re: Ok then by Anonymous Coward · · Score: 0

      A better security model at the cpu level would do wonders against these attacks. For example, intel cpus do not have separate execute and read/write protection bits. If they did, it would be possible to have non-executable writable pages, avoiding heap spraying and nop sliding.

    2. Re: Ok then by Anonymous Coward · · Score: 0

      > A better security model at the cpu level would do wonders against these attacks. For example, intel cpus do not have separate execute and read/write protection bits. If they did, it would be possible to have non-executable writable pages, avoiding heap spraying and nop sliding.

      maybe - but that is design at the chip level - and not a fault of M$; simply a weakness M$ must design around.

  14. This is why turning off updates is bad by Targon · · Score: 2

    One of the biggest problems with Windows 7 is that the Windows Update system can break, and the automatic repair tools don't have the ability to fix the problem in a number of cases. If you intentionally turn off Windows Updates for whatever reason, and then do not go through the patches each week and install the "good" ones, you are setting yourself up for trouble. The vulnerabilities in Windows for Wannacry had a patch for Vista and newer back in March, so only those not installing updates were really vulnerable by the time Wannacry hit the news.

    So, like the changes to Windows or not, if you refuse the fixes that are made available, and THEN something happens, it is actually your fault at that point. It is like recall notices on cars, where if you get a recall notice saying your transmission might catch on fire in some situations without the recall, and you choose to ignore it or put it off, and then your transmission catches on fire, that is YOUR fault. A free fix was offered to prevent problems, and you ignored it.

    1. Re:This is why turning off updates is bad by Anonymous Coward · · Score: 0

      You misunderstand the user's threat model (and I suspect, many users do not explicitly understand their own threat model). A hacker might infect my system and steal my data. The software vendor definitely will. Therefore, the software vendor is a greater threat than hackers. So, I disable automatic updates so that I can vet updates before I install them.

    2. Re:This is why turning off updates is bad by eaglesrule · · Score: 1

      So really the decision becomes give MS access to all your data, or risk malware. There is no selecting for 'good patches' anymore going forward, with the patches being rolled up into just a couple of variants, and MS has proven with the Win10 upgrade debacle that they won't hesitate to abuse the update system as they see fit.

      So, if you want to protect yourself against current malware threats, you don't have a choice about installing whatever telemetry update MS decides to include in the patch, or any of the other arbitrary changes MS makes.

      As for your analogy, some might decide to risk their transmission catching on fire if it means retaining full control of the vehicle's settings and not having surveillance and tracking equipment installed. Like being unable to turn off the radio or lower the volume when it plays an advertisement for every store you drive past.

    3. Re:This is why turning off updates is bad by Anonymous Coward · · Score: 0

      Wellp, on Win 10 things break too, you know, like the "official" apps manager...

      Microsoft Windows [Version 10.0.14393]
      (c) 2016 Microsoft Corporation. All rights reserved.

      C:\WINDOWS\system32>ps
      'ps' is not recognized as an internal or external command,
      operable program or batch file.

      C:\WINDOWS\system32>powershell
      Windows PowerShell
      Copyright (C) 2016 Microsoft Corporation. All rights reserved.

      PS C:\WINDOWS\system32> Get-AppxPackage
      Get-AppxPackage : The service cannot be started, either because it is disabled or because it has no enabled devices
      associated with it.
      The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
      At line:1 char:1
      + Get-AppxPackage
      + ~~~~~~~~~~~~~~~
              + CategoryInfo : NotSpecified: (:) [Get-AppxPackage], Exception
              + FullyQualifiedErrorId : System.Exception,Microsoft.Windows.Appx.PackageManager.Commands.GetAppxPackageCommand

      PS C:\WINDOWS\system32>

  15. NSA/CIA behind WannaCry by Anonymous Coward · · Score: 0

    Several of the Windows updates that patched the related security holes were both finalized and digitally signed several months prior. This indicates that a handful of people at Microsoft were aware of what was going on, and had been compelled by court order on how to proceed and to stay quiet.

    Most likely, NSA/CIA used this to probe European, Russian, and Asian networks to discover what the effects of an attack like this would be, and how much damage could be caused to public offices and facilities, with little regard to civilians.

    Why does the world tolerate this? It was literally an act of war.

  16. great by SuperDre · · Score: 1

    And yet another attempt at getting 15 minutes of fame... Using a security hole that was fixed almost 3 months ago, with an OS that updates itself about every week, so unless you really have updates turned off and never manually loaded updates, it's moot... Why do these guys even get attention?

  17. Security Researchers port WannaCry to Windows 10. by Anonymous Coward · · Score: 0

    Security Researcher: We ported WannaCry to Windows 10.
    Hacker: Thanks for doing our work for us !

  18. Re:M$'s continual bandaid solutions continue to fa by thegarbz · · Score: 2

    > (which stops zero malware in just about every security study I've read)

    Observer bias. It stops 100% of malware that it was designed to stop by prompting the user to specifically run said malware. Your observation fails to note the following:
    1. Malware got more sophisticated than getting a user to double click an .exe file.
    2. You don't hear or read about failed malware that ended up having no impact.

    Security is not an end, it's a process. It's a cat and mouse game. With each vector closed new attack vectors are explored. Modern malware looks absolutely nothing like it did in the pre-Vista days. Modern attack vectors look nothing like it either.

  19. Re:M$'s continual bandaid solutions continue to fa by Sycraft-fu · · Score: 1

    UAC is not a sudo replicant, it is a tool for easily escalating to a privileged user. It is akin to what you see in many modern Linux GUIs when you try to run something, it asks for escalation and then runs as root, often for a period of time thereafter. Also your understanding of how UAC works is incorrect, you can have it change user contexts if you wish to set it up that way. You can tell UAC how to operate. Normally what it does is present even administrators with a restricted security token until they escalate.

    Fine grained sudo control is more akin to Just Enough Administration (https://msdn.microsoft.com/en-us/library/dn896648.aspx) though that is even finer grained sudo.

    Much like the original poster, please don't spout off if you don't know what you are talking about. There's a lot of documentation on the Windows security model out there, if you want to look into it. However, trying to criticize it when you don't understand its functionality is silly.

  20. Re:M$'s continual bandaid solutions continue to fa by sydbarrett74 · · Score: 1

    > They never had any intention of it being secure for you, just themselves.

    ... and the three-letter agencies when they come a-knockin'.

    --
    'He who has to break a thing to find out what it is, has left the path of wisdom.' -- Gandalf to Saruman