NSA’s EternalBlue exploit was ported to Windows 10, so what does that mean for you?

By: Costea Lestoc

White hat researchers have ported the NSA’s EternalBlue exploit to devices running Windows 10, which means every unpatched version of Windows back to XP can be affected. That is a terrifying development considering EternalBlue is one of the most powerful cyber attacks ever made public.

The best defense against EternalBlue

RiskSense’s researchers were among the first to analyze EternalBlue, and they decided not to release the source code for the Windows 10 port. As such, the best defense against EternalBlue remains to apply the MS17-010 update provided by Microsoft back in March.

RiskSense researchers published a report explaining what was necessary to bring the NSA exploit to Windows 10 and examining the measures implemented by Microsoft that could keep these attacks from moving forward.

Senior research analyst Sean Dillon stated that the research was for the white hat information security industry to enhance the awareness of the exploits and lead to the development of new prevention techniques.

The new port targets Windows 10

The new port targets Windows 10 x64 version 1511, codenamed Threshold 2, which was released back in November and was supported in the Current Branch for Business. Researchers managed to bypass mitigations introduced in Windows 10 that were missing from Windows XP, 7 or 8, and they were also able to defeat DEP and ASLR.

The ShadowBrokers’ leaks were snapshots of the NSA’s offensive capabilities and not an image of its current arsenal. By now, the NSA probably has a Windows 10 version of EternalBlue, but until today, this option hasn’t been available to defenders.

It is believed that the NSA may have alerted Microsoft about the impending ShadowBrokers leak to give the company enough time to build, test and deploy MS17-010 before the leak.

The best type of exploit

According to Dillon, the best kind of exploit an attacker can have at his disposal is one like EternalBlue, which instantly provides unauthenticated remote code execution on Windows.

The feat broke a lot of new ground, and Dillon said that this is a heap-spray attack on the Windows kernel. Heap-spray attacks are probably among the most difficult types of exploitation, particularly on Windows, an OS that doesn’t have source code available.

Performing such a heap spray on Linux would be tough but would be easier than this, according to Dillon. For more information, you can download the PDF report that security researchers from RiskSense published on this exploit.
