The exploits stolen from the NSA last year, which were believed to affect only older versions of Windows, were modified to be operational in all versions of the Microsoft operating system from Windows 2000 onwards.
Sean Dillon security researcher RiskSense (also known as zerosum0x0 on Twitter) reports that the three exploits he managed to convert are EternalChampion, EternalRomance, and EternalSynergy. EternalBlue, is another NSA exploit that was leaked by hacking team Shadow Brokers in 2017. The exploit has already been used in the WannaCry and NotPetya ransomware distribution attacks.
What Dillon was able to do was modify the exploits to target two different vulnerabilities that exist in all Windows. These exploits were then included in Metasploit Framework and can now affect even newer operating systems, such as Windows 10, which were originally thought to be unaffected by the NSA's tools.
EternalSynergy can exploit the vulnerabilities CVE-2017-0143 and CVE-2017-0146. EternalRomance can only exploit CVE-2017-0143 vulnerability, while EternalChampion only CVE-2017-0146.
In the documentation published in GitHub, Dillon explains that vulnerable targets are the versions of Windows released between 2000 and 2016, and attackers can acquire up to administrator privileges.
What is important to know is that these new exploits can only compromise a system if it is not patched, so it is very critical for all Windows users to immediately install all the latest security updates.
Those of you using Windows XP or Windows Vista, i.e. operating systems that no longer receive security updates, should upgrade to a higher version of Windows.
