'Shadow Brokers' dump of NSA tools includes new Windows exploits

This means that if you are running a supported version of Windows and have the latest patches downloaded from Microsoft, your machines and environments are protected.

"This may well be the most damaging dump against the NSA to date, and it is without question the most damaging post-Snowden release", Weaver wrote.

The leaked files show the NSA was allegedly targeting EastNets in Dubai, Belgium, and Egypt.

The ShadowBrokers, an entity previously confirmed by The Intercept to have leaked authentic malware used by the NSA to attack computers around the world, today released another cache of what appears to be extremely potent (and previously unknown) software capable of breaking into systems running Windows.

SWIFT, however, has downplayed the breach, saying it is not very significant and that it had no evidence of the main SWIFT network ever being accessed without authorization. If you do have antivirus software, such as Microsoft's Windows Defender or products from McAfee, Kaspersky and the like, it should update quickly to recognize these executables now that they're known.

However, although most security experts had called it the end of the world for Windows users, Microsoft said that there's no reason to be anxious, as the vulnerabilities the exploits target have already been patched.

The firm took to Twitter to post a statement that said that there was "no credibility to the online claim of a compromise of EastNets customer information on its SWIFT service bureau".

One theory among security practitioners is that the NSA itself reported the vulnerabilities to Microsoft, knowing that the tools would be dumped publicly.

The Shadow Brokers documents, whose authenticity has not been verified by The National, suggest that the NSA has used access to EastNets systems to monitor Middle Eastern customers' financial transactions. The group complained about the lack of media coverage of its release last Saturday.

Shadow Brokers did not provide a coherent explanation of why they chose to publish the Microsoft and SWIFT vulnerabilities.

An SMBv3 remote code execution flaw in Windows 8 and Server 2012, which Microsoft says it patched via the same MS17-010.

A collective of security researchers analyzed the leaked exploits yesterday afternoon, which helped us put together a list of all the exploits, here. Also, as Travis explains, it's possible the code could eventually be modified to attack newer systems including Windows 10 and Windows Server 2016, but that will likely take more than a couple of days.

Security researcher Mustafa Al-Bassam tweeted that the NSA hacked EastNets "inside out".

This entire saga all started Friday after a hacker group known as the Shadow Brokers released tools created to target Windows PCs and servers, along with presentations and files purporting to detail the agency's methods of carrying out clandestine surveillance.

