An independent patch for older Microsoft systems has been issued for EsteemAudit—one of the notorious NSA exploits dumped by the ShadowBrokers.
enSilo has issued the free patch, for Windows XP and Server 2003, which supports silent installation and does not require a reboot, which helps users avoid the required downtime typically associated with patch installations.
EsteemAudit is a remote desktop protocol (RDP) vulnerability that helps attackers move laterally throughout a network—leaving users exposed to ransomware, espionage campaigns and other malicious code that can propagate in the enterprise.
Microsoft has not provided a fix for its users relying on these older operating systems (other than specifically for WannaCry)—citing the fact that machines with still-supported OS are impervious to the full cadre of NSA hacking weapons. Nonetheless, as WannaCry and the other malware bursting on the scene in recent days shows, plenty of companies and individuals have not migrated off these end-of-life platforms—leaving hundreds of millions of vulnerable devices across the world.
According to enSilo, Windows XP-based systems currently account for more than 7% of desktop operating systems still in use today, while more than 600,000 web-facing computers, which host upwards of 175 million websites, still run Windows Server 2003 (roughly 18% of global market share). Foreign governments rely on them, as do U.S. military, law enforcement and other agencies. Windows XP still underpins ATM machines, connected hospital gear and other devices many take for granted.
“With no official solution in sight, these systems are ripe for ransomware and data manipulation and theft,” enSilo researchers said in a blog. “This should be alarming for the military, along with healthcare organizations and law enforcement agencies.”