WannaCry Exploit Could Infect Windows 10 (threatpost.com)
msm1267 writes: EternalBlue, the NSA-developed attack used by criminals to spread WannaCry ransomware last month, has been ported to Windows 10 by security researchers. The publicly available version of EternalBlue leaked by the ShadowBrokers targets only Windows XP and Windows 7 machines. Researchers at RiskSense who created the Windows 10 version of the attack were able to bypass mitigations introduced by Microsoft that thwart memory-based code-execution attacks. These mitigations were introduced prior to a March security update from Microsoft, MS17-010, and any computer running Windows that has yet to install the patch is vulnerable. You can read the researchers' report here (PDF), which explains what was necessary to bring the NSA exploit to Windows 10.
But Microsoft said that Windows 10 was "the safest Windows ever", EVER!
Just cruising through this digital world at 33 1/3 rpm...
UAC is a failed attempt at replicating sudo* as it's missing fine-grained control. UAC is also integrated into the Windows APIs in a way that causes a lot of problems for older software*.
Secure Boot is malware, not a security system. If the person who bought the damn thing is told "I have another master" or "You're not my master"*, it's not a security system.
The TPM crap that they heavily backed is also another "You're not my master" malware package.
Their automatic updates crap, as of late, causes more problems than it helps. (Use computer, go to bed, wake up, annnnnddd.... it's gone!) Never mind undermining it for spying purposes.
They are designing it to be insecure, intentionally. They never had any intention of it being secure for you, just themselves. Of course it's failing horribly for you. It's supposed to.
*sudo is meant to allow administrators to assume the user ID of the super user (uid 0) for a task (and anything it spawns). UAC doesn't actually perform this task. (See also the Windows "runas" command.)
*sudo just changes the effective uid for a process, and therefore can be implemented without even recompiling anything. UAC however, changes the APIs, and anything that doesn't conform to its changes, or isn't expecting them, may not run at all or just outright crash. (It's heavily integrated into the File and Folder Redirection component.) UAC also tries to "detect" when a program tries to perform a privileged task, (sudo simply doesn't run when the program does, and therefore the program's behavior is not altered.) and displays an authorization prompt on the secure desktop. This prompt doesn't work in a lot of cases though, (anything run from the CLI unless it performs elevation itself, and any non-user-initiated task. (User SID is not used by the program.)) and the results are typically not pretty.
*Secure Boot Note: Yes, most secure boot implementations allow the end user to change the key or disable it, but I've only seen one implementation where changing the key didn't involve disabling it, then booting to a command prompt to install the new key. (Some ASUS laptops have an option in their firmware to load a new PK.) Of course another issue is the "One Key to rule them all" design failure, which MS disregarded as an issue. Probably (as predicted long ago...) for when MS decides to throw the switch and make the MS Store the only valid software source for Windows. (Which is a real possibility now, all it would take is one firmware update (remove the disable secure boot / change key options) and one update to Windows sent out by the Windows Update Service.)