Slashdot Mirror


Exploit Derived From EternalSynergy Upgraded To Target Newer Windows Versions (bleepingcomputer.com)

An anonymous reader writes: "Thai security researcher Worawit Wang has put together an exploit based on ETERNALSYNERGY that can also target newer versions of the Windows operating system," reports Bleeping Computer. "ETERNALSYNERGY is one of the NSA exploits leaked by the Shadow Brokers hacking group in April this year. According to a Microsoft technical analysis, the exploit can allow an attacker to execute code on Windows machines with SMB services exposed to external connections. The exploit works up to Windows 8. According to Microsoft, the techniques used in the original ETERNALSYNERGY exploit do not work on newer platforms due to several kernel security improvements. Wang says his exploit targets the same vulnerability but uses a different exploitation technique. His method 'should never crash a target,' the expert says. 'Chance should be nearly 0%,' Wang adds." Combining his exploit with the original ETERNALSYNERGY exploit would allow a hacker to target all Windows versions except Windows 10. This is about 75% of all Windows PCs. The exploit code is available for download from Wang's GitHub or ExploitDB. Sheila A. Berta, a security researcher for Telefonica's Eleven Paths security unit, has published a step-by-step guide on how to use Wang's exploit.

9 of 61 comments

  1. Re: Conspiracy Theory by guruevi · · Score: 4, Insightful

    Don't attribute to malice what can be attributed to incompetence.

    Windows is and has always been a pile of excrement especially when it comes to security.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  2. So he updated it to work with Windows 8.1? by devjoe · · Score: 3, Interesting

    The original exploit worked up to Windows 8. The "security researcher" updated it to work with newer Windows versions, but not Windows 10, apparently. So he updated it to work against Windows 8.1, and maybe Windows Server 2016 if it somehow works there but not on Windows 10.

  3. "security researcher".. by Fly+Swatter · · Score: 4, Insightful

    My ass, posting it to the open public makes you nothing more than a script kiddie.

    1. Re:"security researcher".. by Junta · · Score: 2

      While you may feel the guy acted irresponsibly and deserves some sort of insulting moniker, script kiddie isn't a good fit.

      A script kiddie can't write exploits or generally understand the things they are using. They don't post exploits because they aren't that capable, they just know where to go to download and then clumsily apply the work of others.

      --
      XML is like violence. If it doesn't solve the problem, use more.
    2. Re:"security researcher".. by bluefoxlucid · · Score: 2

      Security by obscurity is not security. We can now use his published exploit to prime our IDS and IPS. There's no way he could get this to every IDS vendor in the world; he'd have to identify them all, and even I can't do that.

  4. Re: Conspiracy Theory by Zero__Kelvin · · Score: 2

    Yes. Once most of the Internet runs on Linux there is going to be real trouble!

    --
    Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
  5. Re:External SMB by Anonymous Coward · · Score: 2

    More than just that. You should never trust your internal network either. All these companies that got hit by this TURNED OFF THE WINDOWS FIREWALL (or, at a minimum, opened the ports for SMB). This means they trusted their internal network and some stupid admin at the company wanted to be able to use the c$ or admin$ share to access the machines. For this, they enabled SMB on the computers to get through the firewall. A default, out-of-box install has this blocked. We have it blocked at the enterprise where I work too, because we didn't want to get an exploit that came through and cost us tons of money and then have to tell management that it wouldn't have happened if we had left the damn out-of-box security settings alone. That type of thing gets people fired. I'm sure WannaCry and the like (which also use SMB exploits) were banging on our machines like crazy, but the firewall just drops the packets. If people purposely configured Linux insecurely it would get remotely attacked too, and people here would call the admins idiots. These admins were idiots too.
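    The claim above that an out-of-box install blocks inbound SMB, and that the companies hit had opened it, is something an admin can audit on each host. The PowerShell below is an added example, not code from this thread, from Bleeping Computer or from the exploit's author; it assumes Windows 8 / Server 2012 or later (the NetSecurity module) and an elevated prompt.

```powershell
# Added defender-side check (not from the original thread): report whether the
# Windows Firewall is on for every profile and which enabled inbound rules allow
# TCP 445 (SMB), the port the ETERNALSYNERGY / WannaCry family reaches over.
# Assumes the NetSecurity module (Windows 8 / Server 2012 or later). Run elevated.

# A disabled profile makes every rule below irrelevant, so check that first.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction |
    Format-Table -AutoSize

# Walk every enabled inbound Allow rule and keep those whose port filter covers
# TCP 445 or is wide open ('Any'). Port ranges such as '440-450' are not expanded
# here; review any rule with a range by hand.
$smbAllowRules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $rule = $_
        $port = $rule | Get-NetFirewallPortFilter
        $coversSmb = ($port.Protocol -eq 'TCP') -and
                     (($port.LocalPort -contains '445') -or ($port.LocalPort -contains 'Any'))
        if ($coversSmb) {
            $addr = $rule | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Name          = $rule.DisplayName
                Profile       = $rule.Profile          # Domain / Private / Public / Any
                LocalPort     = ($port.LocalPort -join ',')
                RemoteAddress = ($addr.RemoteAddress -join ',')  # 'LocalSubnet' vs 'Any' matters
            }
        }
    }

if ($smbAllowRules) {
    Write-Warning "Inbound SMB (TCP 445) is allowed by the following enabled rules:"
    $smbAllowRules | Format-Table -AutoSize
} else {
    Write-Host "No enabled inbound rule allows TCP 445; SMB falls under the profile's default inbound action."
}
```

    A rule scoped to RemoteAddress 'LocalSubnet' on the Domain/Private profiles is the normal file-sharing default; the finding to chase is an SMB allow rule on the Public profile or with RemoteAddress 'Any'.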

  6. Re: Conspiracy Theory by bluefoxlucid · · Score: 4, Insightful

    Yeah, the main line of thinking would be, "WOW! Microsoft pushed Windows 10 so hard to get people protected from all this shit!"

    Then you realize Microsoft didn't have patches and didn't know about this shit until the storm came.

    Never attribute to brilliance what can be attributed to dumb luck.

  7. Re: Conspiracy Theory by eneville · · Score: 2

    A broken clock is right once a day.

    *twice.*