Become a fan of Slashdot on Facebook


Forgot your password?
Windows Microsoft Privacy Security

WannaCry Exploit Could Infect Windows 10 ( 52

msm1267 writes: EternalBlue, the NSA-developed attack used by criminals to spread WannaCry ransomware last month, has been ported to Windows 10 by security researchers. The publicly available version of EternalBlue leaked by the ShadowBrokers targets only Windows XP and Windows 7 machines. Researchers at RiskSense who created the Windows 10 version of the attack were able to bypass mitigations introduced by Microsoft that thwart memory-based code-execution attacks. These mitigations were introduced prior to a March security update from Microsoft, MS17-010, and any computer running Windows that has yet to install the patch is vulnerable. You can read the researchers' report here (PDF), which explains what was necessary to bring the NSA exploit to Windows 10.
This discussion has been archived. No new comments can be posted.

WannaCry Exploit Could Infect Windows 10

Comments Filter:
  • WAIT, WAIT (Score:4, Interesting)

    by JustAnotherOldGuy ( 4145623 ) on Tuesday June 06, 2017 @06:47PM (#54564061)

    But Microsoft said that Windows 10 was "the safest Windows ever", EVER!

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      If you allow windows update to do its job*.
      But considering a great many morons out there think disabling updates = "I'm a man now! I stopped microsoft!".
      Well they are at risk.

    • by Opportunist ( 166417 ) on Tuesday June 06, 2017 @06:59PM (#54564137)

      That's like being the best dressed hobo.

    • Any OS isn't safe it you don't update it regularly, MacOS and Linux are also very unsafe if you don't keep it updated, it's not like those OSses are any safer than current Windows is. Only reason why those seem to be safer is due to it still not having enough (dumb) users for hackers to target it.

    • It is not like they are setting the bar that high...
    • well considering it was well and truly patched months before a successful exploit could be developed I would say their argument there is still pretty good.
  • What does this mean for Windows versions other than XP, 7 or 10?

  • Bullshitware like UAC (which stops zero malware in just about every security study I've read), or secure boot, or any other number of "security" theater that M$ comes up with, they all end up failing horribly.

    There's no substitute for designing things securely.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      UAC is a failed attempt at replicating sudo* as it's missing fine grained control. UAC is also integrated into the Windows APIs in a way that causes a lot of problems for older software*.

      Secure Boot is malware, not a security system. If the person who bought the damn thing is told "I have another master" or "You're not my master"*, it's not a security system.

      The TPM crap that they heavily backed is also another "You're not my master" malware package.

      Their automatic updates crap as of late, causes more probl

      • UAC is not a sudo replicant, it is a tool for easily escalating to a privileged user. It is akin to what you see in many modern Linux GUIs when you try to run something, it asks for escalation and then runs as root, often for a period of time thereafter. Also your understanding of how UAC works is incorrect, you can have it change user contexts if you wish to set it up that way. You can tell UAC how to operate. Normally what it does is present even administrators with a restricted security token until they

      • They never had any intention of it being secure for you, just themselves.

        ... and the three-letter agencies when they come a-knockin'.

    • by Anonymous Coward

      > secure boot

      When Secure Boot is enabled, and supported by the underlying OS, it defeats Evil Maid. It also defeats surreptitious replacement of one's bootloader and OS kernel. Something that defeats whole classes of attacks isn't bullshitware.

      > UAC

      UAC is no less effective than sudo. Because of Windows' Window Stations UAC is -in fact- superior to every X11-based GUI for sudo. (On X11 systems, anyone running as the same user running the sudo elevation GUI can sniff the keystrokes entered in that GUI.

    • Please explain what needs to be done to "design things securely." Explain what specific sort of technical controls should be put in place in a kernel to prevent attacks. Make sure you aren't listing ones that they have already implemented, such as NX memory regions (which is what DEP is) and also make sure you aren't listing things you like in other OSes that are done in Windows under a different name like separate user/superuser privilege (which is what UAC is for). Let's hear these these brilliant, 100% e

    • (which stops zero malware in just about every security study I've read)

      Observer bias. It stops 100% of malware that it was designed to stop by prompting the user to specifically run said malware. Your observation fails to note the following:
      1. Malware got more sophisticated than getting a user to double click an .exe file.
      2. You don't hear or read about failed malware that ended up having no impact.

      Security is not an end, it's a process. It's a cat and mouse game. With each vector closed new attack vectors are explored. Modern malware looks absolutely nothing like it did in th

  • by Anonymous Coward

    "Heap spray attacks are probably one of the most esoteric types of exploitation and this is for Windows, which does not have source code available, ... Performing a similar heap spray on Linux is difficult, but easier than this"

  • the OP said that "were able to bypass mitigations introduced by Microsoft that thwart memory-based code-execution attacks"
    but then goes on to say that if patched it is safe?

    Does the vulnerability affect both patched and unpatched installs?

    • by AHuxley ( 892839 )
      Page 12 of the linked pdf shows what could happen under the "Version of Microsoft Windows 10" part. Page 2 has the Executive Summary.
      The problem is not that any MS product is "safe", its that a US gov product in the wild could be used in creative ways.
    • by Targon ( 17348 )

      The design of Windows 10 helps to prevent these TYPE of attacks, but even then, some vulnerabilities will always be found over time. Patches released back in March of 2017 fixed the problem, unless the OP is talking about a new version that bypasses the FIX that Microsoft released. That is what isn't clear.

  • by Anonymous Coward

    Film at 11.

    Look, if you bent over backwards (because you have to bend over backwards, to prevent W10 from updating itself without so much as asking) to disable updates, and then didn't bother to check and manage updates yourself... then what did you frickin' expect to happen?

  • by Targon ( 17348 ) on Wednesday June 07, 2017 @04:41AM (#54566559)

    One of the biggest problems with Windows 7 is that the Windows Update system can break, and the automatic repair tools don't have the ability to fix the problem in a number of cases. If you intentionally turn off Windows Updates for whatever reason, and then do not go through the patches each week and install the "good" ones, you are setting yourself up for trouble. The vulnerabilities in Windows for Wannacry had a patch for Vista and newer back in March, so only those not installing updates were really vulnerable by the time Wannacry hit the news.

    So, like the changes to Windows or not, if you refuse the fixes that are made available, and THEN something happens, it is actually your fault at that point. It is like recall notices on cars, where if you get a recall notice saying your transmission might catch on fire in some situations without the recall, and you choose to ignore it or put it off, and then your transmission catches on fire, that is YOUR fault. A free fix was offered to prevent problems, and you ignored it.

    • So really the decision becomes give MS access to all your data, or risk malware. There is no selecting for 'good patches' anymore going forward, with the patches being rolled up into just a couple varients, and MS has proven with the win10 upgrade debacle that they won't hesitate to abuse the update system as they see fit.

      So, if you want to protect yourself against current malware threats, you don't have a choice about installing whatever telemetry update MS decides to include in the patch, or any of the o

  • and yet another attempt at getting 15 minutes of fame.. Using a security hole that has been fixed almost 3 months ago, with an OS that updates itself about every week, so unless you really have updates turned off and never manually loaded updates it's mute.. Why do these guys even get attention?

Make it myself? But I'm a physical organic chemist!