{"id":7371,"date":"2017-04-17T12:31:17","date_gmt":"2017-04-17T20:31:17","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/04\/17\/news-1162\/"},"modified":"2017-04-17T12:31:17","modified_gmt":"2017-04-17T20:31:17","slug":"news-1162","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/04\/17\/news-1162\/","title":{"rendered":"IDG Contributor Network: Most of the Windows zero-day exploits have already been patched"},"content":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt4.staticworld.net\/images\/article\/2017\/02\/thinkstockphotos-485001492-100707973-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Andy Patrizio| Date: Mon, 17 Apr 2017 12:46:00 -0700<\/strong><\/p>\n<p>Late last week, a hacker group known as The Shadow Brokers released a trove of Windows exploits it claims to have obtained from the National Security Agency&#8217;s (NSA&#8217;s) elite hacking team. The group released tools, presentations and files claiming to detail the agency&#8217;s methods of carrying out clandestine surveillance on Windows server software dating back to Windows XP, setting off a mild panic on what was otherwise a slow Friday.<\/p>\n<p>There\u2019s just one problem: Microsoft says it has already issued patches for the majority of the exploits, with some of them coming out as recently as last month. The MSRC team made a blog post on Friday, the same day Shadow Brokers released the exploits, pointing this out. 
It was a remarkably quick response.<\/p>\n<p>&#8220;Most of the exploits that were disclosed fall into vulnerabilities that are already patched in our supported products,&#8221; wrote Phillip Misner, principal security group manager for the Microsoft Security Response Center.<\/p>\n<table>\n<tr><th>Code Name<\/th><th>Solution<\/th><\/tr>\n<tr><td>\u201c<strong>EternalBlue<\/strong>\u201d<\/td><td>Addressed by <a href=\"https:\/\/technet.microsoft.com\/en-us\/library\/security\/ms17-010.aspx\">MS17-010<\/a><\/td><\/tr>\n<tr><td>\u201c<strong>EmeraldThread<\/strong>\u201d<\/td><td>Addressed by <a href=\"https:\/\/technet.microsoft.com\/en-us\/library\/security\/ms10-061.aspx\">MS10-061<\/a><\/td><\/tr>\n<tr><td>\u201c<strong>EternalChampion<\/strong>\u201d<\/td><td>Addressed by <a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2017-0146\">CVE-2017-0146<\/a> &amp; <a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2017-0147\">CVE-2017-0147<\/a><\/td><\/tr>\n<tr><td>\u201c<strong>ErraticGopher<\/strong>\u201d<\/td><td>Addressed prior to the release of Windows Vista<\/td><\/tr>\n<tr><td>\u201c<strong>EskimoRoll<\/strong>\u201d<\/td><td>Addressed by <a href=\"https:\/\/technet.microsoft.com\/en-us\/library\/security\/ms14-068.aspx\">MS14-068<\/a><\/td><\/tr>\n<tr><td>\u201c<strong>EternalRomance<\/strong>\u201d<\/td><td>Addressed by <a href=\"https:\/\/technet.microsoft.com\/en-us\/library\/security\/ms17-010.aspx\">MS17-010<\/a><\/td><\/tr>\n<tr><td>\u201c<strong>EducatedScholar<\/strong>\u201d<\/td><td>Addressed by <a href=\"https:\/\/technet.microsoft.com\/en-us\/library\/security\/ms09-050.aspx\">MS09-050<\/a><\/td><\/tr>\n<tr><td>\u201c<strong>EternalSynergy<\/strong>\u201d<\/td><td>Addressed by <a href=\"https:\/\/technet.microsoft.com\/en-us\/library\/security\/ms17-010.aspx\">MS17-010<\/a><\/td><\/tr>\n<tr><td>\u201c<strong>EclipsedWing<\/strong>\u201d<\/td><td>Addressed by <a 
href=\"https:\/\/technet.microsoft.com\/en-us\/library\/security\/ms08-067.aspx\">MS08-067<\/a><\/td><\/tr>\n<\/table>\n<p>The exploits, all with peculiar names that start with the letter E, allowed a hacker to compromise affected computers, and they affected a variety of Windows versions. One of the exploits dated back to Windows Vista, but was addressed before Vista was even released.<\/p>\n<p>Microsoft said three of the exploits &#8212; ENGLISHMANDENTIST, ESTEEMAUDIT, and EXPLODINGCAN &#8212; could not be reproduced on supported systems, which means anyone using Windows 7 or above is not at risk. Of course, customers still running older operating systems are encouraged to upgrade to a supported operating system, Microsoft said in the blog post.<\/p>\n<p>Some of these vulnerabilities are incredibly old. ExplodingCan creates a remote backdoor by exploiting older versions of Microsoft\u2019s Internet Information Services Web server on older versions of Windows Server. EternalSynergy is a remote SMB exploit for Windows 8 and Server 2012. And EternalRomance is a remote SMB1 exploit targeting Windows XP, Vista, 7 and 8, plus Windows Server 2003, 2008 and 2008 R2.<\/p>\n<p>Some researchers caused a panic by stating these exploits were zero-days, meaning they were vulnerabilities Microsoft was not aware of. Apparently, they didn\u2019t bother to test against a recently patched system.<\/p>\n<p><strong>This article is published as part of the IDG Contributor Network. 
<\/strong><\/p>\n<p><a href=\"http:\/\/www.computerworld.com\/article\/3190370\/security\/most-of-the-windows-zero-day-exploits-have-already-been-patched.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt4.staticworld.net\/images\/article\/2017\/02\/thinkstockphotos-485001492-100707973-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Andy Patrizio| Date: Mon, 17 Apr 2017 12:46:00 -0700<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>Late last week, a hacker group known as The Shadow Brokers released a trove of Windows exploits it claims to have obtained from the National Security Agency&#8217;s (NSA&#8217;s) elite hacking team. The group released tools, presentations and files claiming to detail the agency&#8217;s methods of carrying out clandestine surveillance on Windows server software dating back to Windows XP, setting off a mild panic on what was otherwise a slow Friday.<\/p>\n<p>There\u2019s just one problem: Microsoft says it has already issued patches for the majority of the exploits, with some of them coming out as recently as last month. The MSRC team made a blog post on Friday, the same day Shadow Brokers released the exploits, pointing this out. 
It was a remarkably quick response.<\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[714],"class_list":["post-7371","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-security"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7371","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=7371"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7371\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=7371"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=7371"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=7371"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}