Mysterious Microsoft patch killed 0-days released by NSA-leaking Shadow Brokers

Source: Ars Technica, Dan Goodin

Microsoft fixed critical vulnerabilities in uncredited update released in March.

Contrary to what Ars and the rest of the world reported Friday, none of the published exploits stolen from the National Security Agency work against currently supported Microsoft products. This is according to a Microsoft blog post published late Friday night.

That’s because the critical vulnerabilities for four exploits previously believed to be zero-days were patched in March, exactly one month before a group called Shadow Brokers published Friday’s latest installment of weapons-grade attacks. Those updates—which Microsoft indexes as MS17-010, CVE-2017-0146, and CVE-2017-0147—make no mention of the person or group who reported the vulnerabilities to Microsoft. The lack of credit isn’t unprecedented, but it’s uncommon, and it’s generating speculation that the reporters were tied to the NSA. In a vaguely worded statement issued Friday, Microsoft seemed to say it had had no contact with NSA officials concerning any of the exploits contained in Friday’s leak.

Microsoft provided the following table showing when various vulnerabilities were patched:

Code Name          Solution
---------          --------
EternalBlue        Addressed by MS17-010
EmeraldThread      Addressed by MS10-061
EternalChampion    Addressed by CVE-2017-0146 & CVE-2017-0147
“ErraticGopher”    Addressed prior to the release of Windows Vista
EsikmoRoll         Addressed by MS14-068
EternalRomance     Addressed by MS17-010
EducatedScholar    Addressed by MS09-050
EternalSynergy     Addressed by MS17-010
EclipsedWing       Addressed by MS08-067

A measure of relief

The revelation that none of the highly advanced exploits work against supported Microsoft products brings a measure of relief to some of the more dire warnings sounded 24 hours earlier. It means that most home and small-office users are likely to be safe, since their systems are likely to have automatically installed the critical updates weeks ago. Computers in larger organizations, however, can often remain two or more months behind Microsoft’s patch schedule, as administrators test the updates to ensure they’re compatible with intranets and other internal systems. That means that some of the most sensitive and mission-critical networks may still be vulnerable to the four exploits, which are known as EternalBlue, EternalChampion, EternalSynergy, and EternalRomance.
