However in this case Microsoft engineers have acted quickly and in the shortest possible time they made a patch for such exploit leakage which is potentially unsafe to users of their systems.
Advertisement
The documents published by the hacking group list exploits for Windows servers and Windows computers.
Microsoft has yet to release a patch, and it’s unclear when that might happen.
For now, it’s not exactly clear how Microsoft found out about these exploits or who tipped them off. No, they’re not. Shadow Brokers said in a blog post that this leak won’t be their last, saying “Maybe if all suviving WWIII theshadowbrokers be seeing you next week”. In the cases of the exploits dubbed ETERNALCHAMPION and ETERNALBLUE, Talos had pre-existing coverage that detects attempts to exploit these vulnerabilities.
The authenticity of Friday’s document dump could not immediately be determined but the group’s previous releases have been corroborated by material leaked by former US intelligence contractor Edward Snowden and software patches issued by major USA technology firms.
If Microsoft is correct that its software has been patched, the company sidesteps one of the grave concerns of ShadowBrokers-style leaks.
The Shadow Brokers documents, whose authenticity has not been verified by The National, suggest that the NSA has used access to EastNets systems to monitor Middle Eastern customers’ financial transactions.
The dump was the second from Shadow Brokers this week, but the first that contained major exploits in several months. Microsoft says it patched this one in MS10-061. “NSA did not warn Microsoft“, he said in a tweet. When the Shadow Brokers recognized that the exploits were no longer valuable zerodays, they published them in a campaign created to sow confusion.
While EastNets vehemently denied it was breached just hours after the dump, Microsoft took a more proper approach and said it was reviewing and testing the exploits. The problem with this theory, however, is the coincidental timing of the patch and leak seem highly unlikely. This means unsupported and older versions, such as Windows Vista or Windows XP are possibly still vulnerable to three exploits, which didn’t return any results for supported platforms. Security researcher Kevin Beaumont, who examined the exploit, said in a tweet that the tool was “very well” built.
Be proactive – Use the “Flag as Inappropriate” link at the upper right corner of each comment to let us know of abusive posts. “Because there was no indication Microsoft patched these bugs, researcher systems did not include last month’s patches, so they [the exploits] still worked”.
Advertisement
That said, multiple experts said the sheer number of zero days released at the same time was unprecedented. Ars regrets the error.
