WannaCry Exploit Could Infect Windows 10 (threatpost.com)
msm1267 writes: EternalBlue, the NSA-developed attack used by criminals to spread WannaCry ransomware last month, has been ported to Windows 10 by security researchers. The publicly available version of EternalBlue leaked by the ShadowBrokers targets only Windows XP and Windows 7 machines. Researchers at RiskSense who created the Windows 10 version of the attack were able to bypass mitigations introduced by Microsoft that thwart memory-based code-execution attacks. These mitigations were introduced prior to a March security update from Microsoft, MS17-010, and any computer running Windows that has yet to install the patch is vulnerable. You can read the researchers' report here (PDF), which explains what was necessary to bring the NSA exploit to Windows 10.
But Microsoft said that Windows 10 was "the safest Windows ever", EVER!
Just cruising through this digital world at 33 1/3 rpm...
You still use Windows ME?
What does this mean for Windows versions other than XP, 7 or 10?
Bullshitware like UAC (which stops zero malware in just about every security study I've read), or secure boot, or any other number of "security" theater that M$ comes up with, they all end up failing horribly.
There's no substitute for designing things securely.
Lawyers, MBAs, RIAA? A jedi fears not these things!
The OP said that they "were able to bypass mitigations introduced by Microsoft that thwart memory-based code-execution attacks",
but then goes on to say that if patched it is safe?
Does the vulnerability affect both patched and unpatched installs?
Film at 11.
Look, if you bent over backwards (because you have to bend over backwards, to prevent W10 from updating itself without so much as asking) to disable updates, and then didn't bother to check and manage updates yourself... then what did you frickin' expect to happen?
Hey, you insensitive clod, I used Windows ME.
ME was the last version of Windows I used.
It was so bad, I switched to Linux (and Mac) and haven't looked back.
I know people are slow and stupid but I can't believe that they keep using Windows. They must be masochists.
I don't read your sig. Why are you reading mine?
UAC is a failed attempt at replicating sudo* as it's missing fine grained control. UAC is also integrated into the Windows APIs in a way that causes a lot of problems for older software*.
Secure Boot is malware, not a security system. If the person who bought the damn thing is told "I have another master" or "You're not my master"*, it's not a security system.
The TPM crap that they heavily backed is also another "You're not my master" malware package.
Their automatic updates crap as of late causes more problems than it helps. (Use computer, go to bed, wake up, annnnnddd.... it's gone!) Never mind undermining it for spying purposes.
They are designing it to be insecure, intentionally. They never had any intention of it being secure for you, just themselves. Of course it's failing horribly for you. It's supposed to.
*sudo is meant to allow administrators to assume the user ID of the super user (uid 0) for a task (and anything it spawns). UAC doesn't actually perform this task. (See also the Windows "runas" command.)
*sudo just changes the effective uid for a process, and therefore can be implemented without even recompiling anything. UAC however, changes the APIs, and anything that doesn't conform to its changes, or isn't expecting them, may not run at all or just outright crash. (It's heavily integrated into the File and Folder Redirection component.) UAC also tries to "detect" when a program tries to perform a privileged task (sudo simply doesn't run when the program does, and therefore the program's behavior is not altered) and displays an authorization prompt on the secure desktop. This prompt doesn't work in a lot of cases though (anything run from the CLI unless it performs elevation itself, and any non-user-initiated task, where the user SID is not used by the program), and the results are typically not pretty.
*Secure Boot Note: Yes, most secure boot implementations allow the end user to change the key or disable it, but I've only seen one implementation where changing the key didn't involve disabling it, then booting to a command prompt to install the new key. (Some ASUS laptops have an option in their firmware to load a new PK.) Of course another issue is the "One Key to rule them all" design failure, which MS disregarded as an issue. Probably (as predicted long ago...) for when MS decides to throw the switch and make the MS Store the only valid software source for Windows. (Which is a real possibility now; all it would take is one firmware update (remove the disable secure boot / change key options) and one update to Windows sent out by the Windows Update Service.)
Please explain what needs to be done to "design things securely." Explain what specific sort of technical controls should be put in place in a kernel to prevent attacks. Make sure you aren't listing ones that they have already implemented, such as NX memory regions (which is what DEP is) and also make sure you aren't listing things you like in other OSes that are done in Windows under a different name like separate user/superuser privilege (which is what UAC is for). Let's hear these brilliant, 100% effective solutions you have. I mean you clearly must know how, since you are so sure Microsoft doesn't do it, right?
Or if not, kindly stuff it and quit blathering on about shit you don't know anything about. Maybe go take a SANS course and get a handle on how there is NO perfect security, anywhere, period, and it is all incremental, all about making things harder for adversaries.
For that matter you could even start at reading the linked article which says "Performing a similar heap spray on Linux is difficult, but easier than this. A lot of work went into this."
One of the biggest problems with Windows 7 is that the Windows Update system can break, and the automatic repair tools don't have the ability to fix the problem in a number of cases. If you intentionally turn off Windows Updates for whatever reason, and then do not go through the patches each week and install the "good" ones, you are setting yourself up for trouble. The vulnerabilities in Windows for Wannacry had a patch for Vista and newer back in March, so only those not installing updates were really vulnerable by the time Wannacry hit the news.
So, like the changes to Windows or not, if you refuse the fixes that are made available, and THEN something happens, it is actually your fault at that point. It is like recall notices on cars, where if you get a recall notice saying your transmission might catch on fire in some situations without the recall, and you choose to ignore it or put it off, and then your transmission catches on fire, that is YOUR fault. A free fix was offered to prevent problems, and you ignored it.
(which stops zero malware in just about every security study I've read)
Observer bias. It stops 100% of malware that it was designed to stop by prompting the user to specifically run said malware. Your observation fails to note the following:
1. Malware got more sophisticated than getting a user to double click an .exe file.
2. You don't hear or read about failed malware that ended up having no impact.
Security is not an end, it's a process. It's a cat and mouse game. With each vector closed new attack vectors are explored. Modern malware looks absolutely nothing like it did in the pre-Vista days. Modern attack vectors look nothing like it either.