Shadow Brokers Exploits: Microsoft and Swift Play Down Impact


None of the exploits recently disclosed by hacking group the Shadow Brokers work against supported Microsoft products, Redmond has confirmed.

Various initial reports on Friday suggested that the trove of information published by the group – allegedly stolen from the NSA’s Equation Group – could give even script kiddies with the most basic skills the ability to remotely hack a number of Windows systems.

However, Microsoft responded quickly to confirm that only users who aren’t up-to-date with patches or those running unsupported systems like Windows XP are at risk.

The following exploits have been patched: EternalBlue; EmeraldThread; EternalChampion; ErraticGopher; EskimoRoll; EternalRomance; EducatedScholar; EternalSynergy and EclipsedWing.

“Of the three remaining exploits, ‘EnglishmanDentist’, ‘EsteemAudit’ and ‘ExplodingCan’, none reproduces on supported platforms, which means that customers running Windows 7 and more recent versions of Windows or Exchange 2010 and newer versions of Exchange are not at risk”, added Microsoft.

“Customers still running prior versions of these products are encouraged to upgrade to a supported offering.”

Tenable Network Security strategist, Cris Thomas, urged organizations to double-check that all systems are patched and up-to-date.

“Many of the patches for the exploits provided by the Shadow Brokers have only just recently been released, meaning that many organizations may not have had time to run those patches through their patch management processes and get them applied to their critical systems”, he argued.

“Of course, just because a patch is available doesn’t automatically mean your organization is safe. The pervasiveness and severity of some of the vulnerabilities in this drop makes it critical that you’re able to properly prioritize and patch every affected system in your environment.”

Another major part of the data dump – which Shadow Brokers is said initially to have tried and failed to sell privately – relates to the Swift inter-bank messaging system.

Specifically, the information details how an attacker could hack and monitor transactions flowing through the service bureaux used by some banks to manage their Swift connections.

Swift responded on Monday, claiming that there is no information to suggest its network or messaging is affected.

It added:

“The material that has been published by Shadow Brokers, and which dates back several years, suggests that attempts may have been made by unauthorized third parties to access communications between these service bureaux and their customers.

“While this information is historic, we are in close contact with the service bureaux to remind them of their responsibility to inform their customers and to perform additional checks against the identified and other known threats, as well as to make sure that any necessary additional preventative measures are put in place.”

One of those alleged to have been targeted, the EastNets Service Bureau, said customers had nothing to worry about.

“While we cannot ascertain the information that has been published, we can confirm that no EastNets customer data has been compromised in any way. EastNets continues to guarantee the complete safety and security of its customers' data with the highest levels of protection from its SWIFT certified Service bureau”, said CEO and founder, Hazem Mulhim.
