From: Virus
To: All
Subject: Re: Hacker Group Releases Password To NSA's "Top Secret Arsenal"
Date/Time: April 21, 2017 12:13 AM

From: Virus Guy <Virus@Guy.C0M>

Virus Guy wrote:
 
> analysis of the code and exploits contained in this archive should
> reveal a set of previously unknown vulnerabilities in many different
> programs and operating systems.  This should result in patches and
> fixes being issued by the usual suspects, notably Micro$haft.

Apparently, it is only as of March 14 that the last few of the exploits
present in this NSA hacking toolkit archive have been patched.

The affected OS's are Win-7 and above.  There are 3 exploits whose
vulnerability profile or solution I've given more details to (below).

Of those, I can find no info about the exploit known as
"EnglishmanDentist".

===============================

Microsoft posted this to their Technet blog: 

April 14, 2017

https://blogs.technet.microsoft.com/msrc/2017...
aluating-risk/ 

====================

Today, Microsoft triaged a large release of exploits made publicly
available by Shadow Brokers. Understandingly, customers have expressed
concerns around the risk this disclosure potentially creates. Our
engineers have investigated the disclosed exploits, and most of the
exploits are already patched. Below is our update on the investigation.

When a potential vulnerability is reported to Microsoft, either from an
internal or external source, the Microsoft Security Response Center
(MSRC) kicks off an immediate and thorough investigation. We work to
swiftly validate the claim and make sure legitimate, unresolved
vulnerabilities that put customers at risk are fixed. Once validated,
engineering teams prioritize fixing the reported issue as soon as
possible, taking into consideration the time to fix it across any
impacted product or service, as well as versions, the potential threat
to customers, and the likelihood of exploitation.

Most of the exploits that were disclosed fall into vulnerabilities that
are already patched in our supported products. Below is a list of
exploits that are confirmed as already addressed by an update. We
encourage customers to ensure their computers are up-to-date.

Code Name             Solution

"EternalBlue"         Addressed by MS17-010
"EmeraldThread"       Addressed by MS10-061
"EternalChampion"     Addressed by CVE-2017-0146 & CVE-2017-0147
"ErraticGopher"       Addressed prior to the release of Windows Vista
"EsikmoRoll"          Addressed by MS14-068
"EternalRomance"      Addressed by MS17-010
"EducatedScholar"     Addressed by MS09-050
"EternalSynergy"      Addressed by MS17-010
"EclipsedWing"        Addressed by MS08-067

Of the three remaining exploits, "EnglishmanDentist", "EsteemAudit", and
"ExplodingCan", none reproduces on supported platforms, which means that
customers running Windows 7 and more recent versions of Windows or
Exchange 2010 and newer versions of Exchange are not at risk. Customers
still running prior versions of these products are encouraged to upgrade
to a supported offering.

We have long supported coordinated vulnerability disclosure as the most
effective means to ensure customers and the computing ecosystem remains
protected. This collaborative approach enables us to fully understand an
issue and to deliver protection before customers are at risk due to
public disclosure of attack methods. We work closely with security
researchers worldwide who privately report concerns to us at
secure@microsoft.com. We also offer bug bounties for many reported
vulnerabilities to help encourage researchers to disclose responsibly.

What is interesting is that although most of these patches do show up in
the acknowledgements section on TechNet, MS17-010 does not - perhaps due
to the NSA themselves reporting the exploit to Microsoft.

===========

Regarding the 3 vulnerabilities that are not addressed by the above:

EnglishmanDentist:
Is under investigation by TrendMicro

EsteemAudit:
Windows RDP RCE Vulnerability
Possible candidates:
MS12-020, MS12-036, MS15-067, CVE-2012-0002, CVE-2015-2373

ExplodingCan:
IIS WebDAV ScStoragePathFromUrl Buffer Overflow Vulnerability
Likely is CVE-2017-7269

"a Remote Desktop Protocol exploit targeted at Windows Server 2003.
 This one exploits SmartCard authentication at login, and works on
 a patched version of the server OS."

Apparently, MS won't be providing a patch for that one:

https://www.theregister.co.uk/2017/03/31/micr...

No patch for Windows Server 2003 IIS critical bug - Microsoft
Suggested workaround for exploited flaw: Upgrade to a non-EoL operating
system

===================

Trend Micro is saying this:

https://success.trendmicro.com/solution/11171...

Since these are specific exploits to Microsoft products and platforms,
customers are always strongly advised to have current and officially
supported versions of Microsoft products and platforms deployed with the
latest security patches installed. 

However, we recognize that many enterprise and business customers have
legacy platforms still in production for various reasons.  Fortunately,
Trend Micro already has some solutions available that provide some level
of protection.

Official Pattern Release:  Trend Micro added detections for known threats
associated with this release into our Official Pattern Release (OPR),
and will continue to add any new ones that are discovered accordingly. 
Specifically the following detections are included as of Smart Scan
Pattern 13.345.00 (April 17th):

 TROJ_EASYBEE.A
 TROJ_EDUSCHO.A
 TROJ_EFRENZY.A
 TROJ_EQUATED.G (several variants)
 TROJ_ETERNALROM.A 
 TROJ_EXCAN.A
 TROJ_STUXNET.LEY
 TROJ64_EQUATED.E
--- NewsGate v1.0 gamma 2
 * Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)