The exploits that were stolen by the NSA last year and were thought to only affect older versions of Windows, were modified to be functional in all Microsoft operating system versions from Windows 2000 onwards.
Sean Dillon security researcher RiskSense (also known as zerosum0x0 στο Twitter) αναφέρει ότι τα τρία exploits που κατάφερε να μετατρέψει είναι τα EternalChampion, EternalRomance, και EternalSynergy. Το EternalBlue, είναι ένα άλλο exploit της NSA που διέρρευσε από την hacking ομάδα Shadow Brokers in 2017. The exploit has already been used in the WannaCry and NotPetya ransomware distribution attacks.
What Dillon was able to do was modify the exploits to target two different vulnerabilities across Windows. These exploits were then included in the Metasploit Framework and can now affect even the latest operating systems, such as Windows 10, which were initially considered to be unaffected by NSA tools.
EternalSynergy can exploit the vulnerabilities CVE-2017-0143 and CVE-2017-0146. EternalRomance can only exploit the vulnerability CVE-2017-0143, while EternalChampion only CVE-2017-0146.
In the documentation published in GitHub, Dillon explains that vulnerable targets are the versions of Windows released between 2000 and 2016, and attackers can acquire up to administrator privileges.
What is important to know is that these new exploits can compromise a system only if it is not patched, so it is very critical for all Windows users to immediately install all the latest security updates.
Those of you using Windows XP or Windows Vista, i.e. operating systems that no longer receive security updates, it would be a good idea to upgrade to a higher one version of Windows.