Latest Exploit Dump By Shadow Brokers Contains Easy-To-Use Windows Exploits, Most Already Patched By Microsoft

from the menu-driven-God-Mode dept

The Shadow Brokers — having failed to live up to half their name — released more NSA exploits last week when it became apparent no one was willing to purchase the exploits from them. This dump was far more interesting than previous releases, as it contained a large number of Windows exploits and — for some — a very handy, easy-to-use front end for malware deployment.

This dump probably ruined a few Easter weekends at Microsoft, but not nearly as many as was first presumed. While the exploits targeted older versions of Windows, they would have caused trouble for government and corporate networks still relying on those versions. Those targeting unsupported versions are the most dangerous, as those holes will never be patched. They’re also the ones with the smallest user bases, which mitigates the damage somewhat.

As Marcy Wheeler points out, the NSA had plenty of time to warn Microsoft about unpatched holes prior to the Shadow Brokers’ latest dump.

That’s a critical detail for the debate going on on Twitter and in chats about how shitty it was for SB to release these files on Good Friday, just before (or for those with generous vacation schedules, at the beginning of) a holiday weekend. While those trying to defend against the files and those trying to exploit them are racing against the clock and each other, it is not the case that the folks at NSA got no warning. NSA has had, at a minimum, 96 days of warning, knowing that SB could drop the files at any time.

The big question, of course, is whether NSA told Microsoft what the files targeted. Certainly, Microsoft had not fully responded to that warning, as hackers have already gotten a number of these files to work.

Unlike the CIA dump happening at Wikileaks, the NSA had a pretty good idea what was contained in the Shadow Brokers stash. Microsoft, however, says it was never contacted by the NSA or “any agency” about the exploits ahead of their release.

Despite this statement, most of the exploits appear to have already been patched by Microsoft.

Today, Microsoft triaged a large release of exploits made publicly available by Shadow Brokers. Understandingly, customers have expressed concerns around the risk this disclosure potentially creates. Our engineers have investigated the disclosed exploits, and most of the exploits are already patched.

The most interesting patch on the list is MS17-010, released March 14th. It closed several remote code execution holes in the SMBv1 server component, across every Windows version still under support at the time. The people who initially reported the exploits as working had run them against test machines that were missing these updates, which produced the mistaken conclusion that the vulnerabilities hadn’t been fixed.
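The lesson of the unpatched test machines is that "patched" should be measured, not assumed. The following script is an added example, not code from the article, from Microsoft or from the Shadow Brokers dump. It checks whether a host actually carries MS17-010 and whether the SMBv1 server is still switched on. The KB numbers that deliver MS17-010 differ by OS version and by servicing model (security-only update versus monthly rollup) and are not given on this page, so the script takes them as a parameter to be copied from the bulletin; it also assumes remote hosts are reachable over WinRM and WMI/CIM.

```powershell
<#
Added example, not code from the Techdirt article, Microsoft or Shadow Brokers.
Reports, per host, whether an MS17-010 KB is installed and whether the SMBv1
server is enabled, so the patch state is measured rather than assumed.

Assumptions (none of these are on the page):
 - The KB identifiers for MS17-010 are supplied by the caller, taken from the
   MS17-010 bulletin for the OS being checked.
 - Remote hosts answer WinRM (Invoke-Command) and CIM queries.
#>
[CmdletBinding()]
param(
    # KB identifiers that deliver MS17-010 on the target OS, copied from the bulletin
    [Parameter(Mandatory = $true)]
    [string[]] $Ms17010Kbs,

    # Hosts to check; defaults to the local machine
    [string[]] $ComputerName = @($env:COMPUTERNAME)
)

# Documented registry switch for the SMBv1 server (Windows 7 / Server 2008 R2 and later):
# a DWORD named SMB1 set to 0 disables it; the value is absent on a default install,
# which means SMBv1 is on.
$smb1Probe = {
    $p = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
                          -Name SMB1 -ErrorAction SilentlyContinue
    if ($null -eq $p) { $null } else { [int]$p.SMB1 }
}

$report = foreach ($c in $ComputerName) {
    $isLocal = $c -in @($env:COMPUTERNAME, 'localhost', '.')

    $os = if ($isLocal) { Get-CimInstance Win32_OperatingSystem }
          else          { Get-CimInstance Win32_OperatingSystem -ComputerName $c }

    # Get-HotFix reads Win32_QuickFixEngineering, the record Windows Update writes to.
    $hotfixes = if ($isLocal) { Get-HotFix -ErrorAction SilentlyContinue }
                else          { Get-HotFix -ComputerName $c -ErrorAction SilentlyContinue }
    $matched = @($hotfixes | Where-Object { $Ms17010Kbs -contains $_.HotFixID })

    $smb1 = if ($isLocal) { & $smb1Probe }
            else          { Invoke-Command -ComputerName $c -ScriptBlock $smb1Probe }

    [pscustomobject]@{
        Computer    = $c
        OS          = $os.Caption
        Version     = $os.Version
        Ms17010     = ($matched.Count -gt 0)
        HotFixIDs   = ($matched.HotFixID -join ',')
        Smb1Enabled = ($null -eq $smb1 -or $smb1 -ne 0)
    }
}

$report | Format-Table -AutoSize

# Hosts reporting Ms17010 = False together with Smb1Enabled = True are the ones to chase.
# A host whose OS had already left support shows no such KB at all: that is the
# permanent hole the article describes.
```

Run it with the KB list for the OS in question and the hosts to check. One caveat on Windows 10: a later cumulative update supersedes the March one and the March KB number then no longer appears in Get-HotFix, so either include the superseding KBs in the list or compare the Version column against the fixed build listed in the bulletin before declaring a host unpatched.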

But the patch notes say nothing about who disclosed the vulnerabilities, which makes it an anomaly. Microsoft’s denial, combined with its blank “acknowledgements” page, suggests the NSA itself warned the company about the vulnerabilities. It seems unlikely Shadow Brokers would have given Microsoft a heads up, as it hadn’t warned any other affected vendor up to this point.

If so, the Vulnerabilities Equities Process sort of works. I mean, the NSA held onto these as long as it could, but finally informed the affected party when it became apparent it might have to share its “exclusive” exploits with the rest of the world. Better late than never, and certainly better when delivered ahead of a very public disclosure.

What’s in the latest dump is now mostly, but not completely, useless. There are still plenty of machines running older Microsoft software that remain vulnerable, many of them in corporate and government hands. If the software is old enough to be out of support, the security holes are permanent; and a machine for which a patch exists but was never installed is just as exposed as one that can never get it.

Not that those with the latest and greatest should rest easy. The NSA hasn’t stopped producing and purchasing exploits. The SB stash was a few years old. Current Microsoft software remains under attack from state intelligence agencies and criminals. But this dump of tools shows just how powerful the NSA’s toolkit is — one made even more dangerous by its apparent ease of use. It makes exploit delivery possible for anyone, not just those with a very specific skillset.

Companies: microsoft


Comments on “Latest Exploit Dump By Shadow Brokers Contains Easy-To-Use Windows Exploits, Most Already Patched By Microsoft”

ECA (profile) says:

Holes in Programming..

YES, there are holes..
MS made the programming language, and anyone can have a copy..
Holes MS built into the they could SELL the ability to ADVERT TO YOU..and they move that hole back and forth.

MANY could be fixed. with a few tricks, but would also BREAK what they wish to show you on the net..
Separate the LANGUAGES..Take JAVA and Jscript, and OPEN its OWN window and SANDBOX IT.. but windows LOVES JS..

In the internet you are running an EMULATOR that can/will read over 7 programming languages and display things to you and give you an ability to DO THINGS LIKE purchase from Amazon..

THEN there is another FACT..MS keeps trying to Automate things…QUIT IT. it gets people in trouble. THINKING that people will ALWAYS PAY TO UPDATE/UPGRADE is asinine/STUPID….The first product they BUY they wish to keep FOREVER.. Thinking that YOU CAN DO BETTER, Isn’t true.
you have made people FORGET the old ways of programming and SERVER protection.. “Unless they KEEP things updated…you WONT do anything for them”… THE OLD SERVER OS’s WORKED GREAT and were a PAIN to setup, but STILL WORK.. Once setup, you could UPDATE them, and not worry about WHAT you had setup, because it was PROPERLY setup and designed..NOT a WHOLE new convoluted, Whats this, wheres that..
YOU HAD TO HAVE people who KNEW what and HOW things were done..

INTEL could have updated your OLD hardware designs YEARS ago, but you said NO.. you could have been Multitasking in HARDWARE, not software..Multi CPU could have been around since even bought NT..and DROPPED IT LIKE A ROCK after 2 iterations..

THE NEW OS, is a compilation of TRYING to make an OS that works on ALL things..Tablet/phone/Console/Computer.. but its NOT EASY and the hardware in Phones and Tablets is MORE ADVANCED and designed AS INTEL wanted to do in the past..

The NEXT update to WINDOWS should be the HARDWARE and a NEW OS…PERIOD.. With a few changes you could Double or triple WHAT windows could do..

ECA (profile) says:

Re: Re: Holes in Programming..

“A massive redesign of their operating system from scratch?
Why would they want to do that? The majority of users don’t even touch what it can do now.”

Just hardware..
Where Multitasking SHOULD BE..
Where parallel Processing can DO the JOB..
Getting RID of IRQ, which was dead long ago..and hidden under layers of Scripts..

Anonymous Coward says:

Re: Holes in Programming..

Not sure where you are getting these “facts” but the “old ways of programming and SERVER protection” really sucked or in many cases were non-existent. When software breaks during an OS patch/upgrade because it was hard-coded to use a specific OS version number, I don’t consider that to be a good thing and something we should go back to.

Also considering the fact that new OS’s are magnitudes more secure than older ones and you can get more done with less time invested, I really do not see your point. In general automation and increased security are good things. And Microsoft has been moving more and more towards sandboxing applications, something older OS’s did rarely if at all.

You still have to have people who know how things are done, it’s just that the way things are done is different now than it was 20 – 30 years ago. Yes, setting up the old server OS’s was a major pain, and because of it they were often set up incorrectly, which caused all kinds of stuff to not work right and/or be less secure than normal.

The new OS’s are much easier to set up correctly, you still have to know what you are doing, but there is less of a chance of setting up something wrong. A new Server 2012 domain, complete with AD, DHCP, and DNS can be spun up in a matter of hours and be configured correctly, functioning, and reasonably secure. The same cannot be said for older operating systems.

It kind of sounds like you just want to re-live the “glory days” when you could do what you want because people were still figuring out how to use all these fancy new toys and didn’t have to worry about things actually being secure and software being coded properly.

ECA (profile) says:

Re: Re: Holes in Programming..

There is 1 main point to Servers Im suggesting more than anything..
They have gotten rid of the Sysop/ much as possible.
And its funny, with the SONY servers in Brazil, that they Got away with TONS of data..

Since you have an idea of whats happening, lets ASK how someone gets away with terabytes of DATA and no one noticed until it was too late??
This should have been a restricted access..
Sending a Bot out to ID the person connecting? At least let it PING Local Wan to Close the location..OR EVEn to ID the hardware to verify its a proper person to BE THERE??
Pick a Major contractor name of a server break in..and ask HOW it could be done..
Names and numbers of persons Using the service LOST?? They could have broken up the Data file and Written it to multiple locations, and Hidden them..and only 1 program to PUT them back together..
These are OLD tricks, and OLD protections that STILL WORK..

It’s either Laziness or Someone on the Inside taking advantage..And if you want WEIRD on this, it wouldn’t surprise me if the GOV. has taken the idea to Gather personal info on ALL of us..either PAID or harassed corps to supply the data.

Then the IDEA that using the internet as a SAFE way to access DATA and keep it safe? is STUPID..1000 monkeys will eventually Crack any site..

Anonymous Coward says:

Re: Holes in Programming..

English 101 for conspiracy theorists, alt-right, sovereign citizens, and general all around paranoid nutters: all caps doesn’t make your statements factual or anything more than an incoherent and ignorant rant that it is without the caps.

There’s so much wrong with this post that it would take two pages of rebuttal and a multi-page article on the history of the x86 hardware architecture to address.

Anonymous Coward says:

The dump is the tip of the iceberg

It’s illustrative, not exhaustive — and thus in part serves as effective advertising for Shadow Brokers, who are no doubt sitting on a stockpile of exploits against current versions of Windows (and everything else) that they’re not about to share unless they’re paid. And the NSA surely has its own stash, which may or may not overlap. And other vulnerability brokers, other government agencies, have theirs.

If you’re running Windows, MacOS, Android, or iOS, and you’re a target, you’re screwed. And increasingly, “Linux” needs to be in that sentence.

Anonymous Coward says:

Re: The dump is the tip of the iceberg

The current tin-foil conspiracy rumor is the ShadowBrokers are just one guy who used to work for the NSA. From what I’ve read about it the exploits that were taken stop at 2013.
SB-wise, later holes may be safe, but since the NSA/FBI/ETC have to deploy their tools onto machines and seem to do a bad job of removing them afterwards, it’s really hard to say who all may have found them, reverse-engineered the code and redeployed it back into the wild.

christenson says:

Re: Exploit delivery for anyone

We are all glorified script kiddies…just some of us know enough to write the scripts and discover new ones.

Don’t believe me? Turns out that’s what most invention is all about…simplification so all the details don’t have to be mastered. Programming is no different…I don’t have to be able to program a website to browse and comment here on Techdirt, thank you Techdirt!

Anonymous Coward says:

There are still plenty of machines running older Microsoft software that are still vulnerable, many of them possessed by corporations and government agencies. If the software is old enough, the security holes are permanent.

It doesn’t even need to be all that old. Microsoft bungled the Windows 10 public relations rollout so badly that some small shops adopted a policy banning all future Windows updates, consequences be damned, in the hope of preventing the unwanted conversion to Windows 10. The Windows 10 privacy disaster only reinforced that position. Those shops are now vulnerable even to things that Microsoft actually does fix on downlevel platforms, because Microsoft so utterly ruined its credibility in its zeal to forcibly convert everyone to Windows 10.

Roger Strong (profile) says:

Re: Re:

We set up a couple Server 2008 machines well after Server 2012 was released, because that’s what the big international vendor required for their brand new freight management system.

And so seven years after Server 2008 was released, asking to replace those machines was a non-starter because “we just got them.”

That’s how things work in the real world.
