Please create an account to participate in the Slashdot moderation system


Forgot your password?
Security Windows Microsoft Operating Systems Privacy Software Technology

Exploit Derived From EternalSynergy Upgraded To Target Newer Windows Versions ( 61

An anonymous reader writes: "Thai security researcher Worawit Wang has put together an exploit based on ETERNALSYNERGY that can also target newer versions of the Windows operating system," reports Bleeping Computer. "ETERNALSYNERGY is one of the NSA exploits leaked by the Shadow Brokers hacking group in April this year. According to a Microsoft technical analysis, the exploit can allow an attacker to execute code on Windows machines with SMB services exposed to external connections. The exploit works up to Windows 8. According to Microsoft, the techniques used in the original ETERNALSYNERGY exploit do not work on newer platforms due to several kernel security improvements. Wang says his exploit targets the same vulnerability but uses a different exploitation technique. His method 'should never crash a target,' the expert says. 'Chance should be nearly 0%,' Wang adds." Combining his exploit with the original ETERNALSYNERGY exploit would allow a hacker to target all Windows versions except Windows 10. This is about 75% of all Windows PCs. The exploit code is available for download from Wang's GitHub or ExploitDB. Sheila A. Berta, a security researcher for Telefonica's Eleven Paths security unit, has published a step-by-step guide on how to use Wang's exploit.
This discussion has been archived. No new comments can be posted.

Exploit Derived From EternalSynergy Upgraded To Target Newer Windows Versions

Comments Filter:
  • I wonder if Microsoft is actually behind all these leaks in order to push people towards Windows 10.

    • by guruevi ( 827432 ) < minus bsd> on Tuesday July 18, 2017 @09:08AM (#54832161) Homepage

      Don't attribute to malice what can be attributed to incompetence.

      Windows is and has always been a pile of excrement especially when it comes to security.

      • by Anonymous Coward

        No more so than linux. But noone has cared about exploiting it because theres just not many consumers running it.

        • Yes. Once most of the Internet runs on Linux there is going to be real trouble!
      • by bluefoxlucid ( 723572 ) on Tuesday July 18, 2017 @10:36AM (#54832717) Homepage Journal

        Yeah, the main line of thinking would be, "WOW! Microsoft pushed Windows 10 so hard to get people protected from all this shit!"

        Then you realize Microsoft didn't have patches and didn't know about this shit until the storm came.

        Never attribute to brilliance what can be attributed to dumb luck.

        • Microsoft has been compartmentalizing and hardening Windows for over a decade now. This is the result of hard work rather than blind luck.

          I have complaints about their direction sometimes, but they do have some excellent developers who do amazing work---when they're not under orders to build user-hostile functionality.

          • They weren't specifically-aware of these exploits though. That's the point: that these don't work on Windows 10 isn't the storm from which Microsoft tried to save us; it's just another storm nobody predicted, and nobody predicted one this bad. "We told you to switch to Windows 10! You should have listened! Look what happened!" isn't much of a valid argument because Microsoft's decision to push for Windows 10 wasn't based on "what happened", or any prediction thereof.

            Attribution to incompetence doesn

  • by devjoe ( 88696 ) on Tuesday July 18, 2017 @09:15AM (#54832211)
    The original exploit worked up to Windows 8. The "security researcher" updated it to work with newer Windows versions, but not Windows 10, apparently. So he updated it to work against Windows 8.1, and maybe Windows Server 2016 if it somehow works there but not on Windows 10.
  • by Fly Swatter ( 30498 ) on Tuesday July 18, 2017 @09:28AM (#54832273) Homepage
    My ass, posting it to the open public makes you nothing more than a script kiddie.
    • by Junta ( 36770 )

      While you may feel the guy acted irresponsibly and deserves some sort of insulting moniker, script kiddie isn't a good fit.

      A script kiddie can't write exploits or generally understand the things they are using. They don't post exploits because they aren't that capable, they just know where to go to download and then clumsily apply the work of others.

    • Security by obscurity is not security. We can now use his published exploit to prime our IDS and IPS. There's no way he could get this to every IDS vendor in the world; he'd have to identify them all, and even I can't do that.

  • Makes me glad I took the somewhat drastic step of disabling SMBv1 on my network. As an added bonus, this makes it so Windows XP and Server 2003 are useless :).

    • Re: (Score:2, Informative)

      by mspohr ( 589790 )

      Your patch is a temporary fix.
      The real fix would be to dump Windows.

      • The Windows bashing is just stupid. It oversimplifies the problem and whitewashes Linux security issues.

        Samba has a recent arbitrary code vulnerability.

        NFS had some arbitrary remote code vulnerabilities too (although not recently).

        The real fix is: layers of security, intrusion detection, and auditing---with trained, vigilant personnel to monitor it all. There is no single solution for security.

        • by mspohr ( 589790 )

          I can understand why those who still use Windows are defensive but any objective view of the issue of security would have to conclude that Windows continues to be a security nightmare with new vulnerabilities being developed and exploited every month.
          "Stupidity is doing the same thing over and over and expecting a different result."

          • continues to be a security nightmare with new vulnerabilities being developed and exploited every month.

            This is true of every piece of software. Making this out to be a Windows-specific problem is just ignorant. It applies to applications like IIS and Apache, too, not just operating systems.

            Now, is Windows worse than the average Linux distro when considering both vulnerability count and severity? I would answer yes, but the gap is much smaller than the Win 9x/XP days.

            Are the requirements to secure and monitor the infrastructure drastically different for Windows vs Linux hosts? No, not really.

            In either case, y

        • True, but to be honest that Samba exploit required the user to already have write access to the share. Still bad, but not as bad as this SMBv1 exploit.
  • by Anonymous Coward

    WHY WHY WHY would anyone target Windows when all of the INTERESTING data is on LINUX servers?

    WHO CARES about your recipes and your photos and your music.

    ALL of the data worth stealing is on LINUX, on SERVERS at places like Amazon and ebay and YOUR BANK. The info on MILLIONS of people can be had if you can break into ONE server!

    So WHY do they go after Windows, even though the pickings are slim? Because it's EASY.

I'm a Lisp variable -- bind me!