HackDig : Dig high-quality web security articles for hackers

Zero-Day Vulnerabilities against Windows in the NSA Tools Released by the Shadow Brokers

2017-07-28 13:10

In April, the Shadow Brokers -- presumably Russia -- released a batch of Windows exploits from what is presumably the NSA. Included in that release were eight different Windows vulnerabilities. Given a presumed theft date of the data as sometime between 2012 and 2013 -- based on timestamps of the documents and the limited Windows 8 support of the tools:

  • Three were already patched by Microsoft. That is, they were not zero days, and could only be used against unpatched targets. They are EMERALDTHREAD, EDUCATEDSCHOLAR, and ECLIPSEDWING.

  • One was discovered to have been used in the wild and patched in 2014: ESKIMOROLL.

  • Four were only patched when the NSA informed Microsoft about them in early 2017: ETERNALBLUE, ETERNALSYNERGY, ETERNALROMANCE, and ETERNALCHAMPION.

So of the five serious zero-day vulnerabilities against Windows in the NSA's pocket, four were never independently discovered. This isn't new news, but I haven't seen this summary before.


Source: 44211.2//golb/:7102,moc.reienhcs.www:gat

Read:2648 | Comments:0 | Tags:No Tag

“Zero-Day Vulnerabilities against Windows in the NSA Tools Released by the Shadow Brokers”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools