WannaCry Exploit Could Infect Windows 10

msm1267 writes: EternalBlue, the NSA-developed attack used by criminals to spread WannaCry ransomware last month, has been ported to Windows 10 by security researchers. The publicly available version of EternalBlue leaked by the ShadowBrokers targets only Windows XP and Windows 7 machines. Researchers at RiskSense who created the Windows 10 version of the attack were able to bypass mitigations introduced by Microsoft that thwart memory-based code-execution attacks. These mitigations were introduced prior to a March security update from Microsoft, MS17-010, and any computer running Windows that has yet to install the patch is vulnerable. You can read the researchers' report here (PDF), which explains what was necessary to bring the NSA exploit to Windows 10.

Re:And Monkeys COULD fly outta my butt

[jfdavis668]

You still use Windows ME?

Re:

[mspohr]

Hey, you insensitive clod, I used Windows ME.
ME was the last version of Windows I used.
It was so bad, I switched to Linux (and Mac) and haven't looked back.
I know people are slow and stupid but I can't believe that they keep using Windows. They must be masochists.

Re:

[WallyL]

Or uninformed and don't want to take the time to make better choices.

Re:

[Opportunist]

Probably not, but who'd trade being safe from one problem for every other problem that could possibly be wrong with software?

WAIT, WAIT

[JustAnotherOldGuy]

But Microsoft said that Windows 10 was "the safest Windows ever", EVER!

Re:

[Anonymous Coward]

If you allow windows update to do its job*.
But considering a great many morons out there think disabling updates = "I'm a man now! I stopped microsoft!".
Well they are at risk.

Re:

[chuckugly]

Then there's morons like you who don't seem to care that Microsoft is all the way up your ass so far you can TASTE them 24/7/365.

So, for 7 years more or less?

Re:WAIT, WAIT

[Opportunist]

That's like being the best dressed hobo.

Re:

[SuperDre]

Any OS isn't safe it you don't update it regularly, MacOS and Linux are also very unsafe if you don't keep it updated, it's not like those OSses are any safer than current Windows is. Only reason why those seem to be safer is due to it still not having enough (dumb) users for hackers to target it.

Re:

[gravewax]

If you want full control then setup a wsus server, you can have full control over the update and call home abilities if you really need it. The reality is most users are better off with no control as control is what created the huge fucking mess of unpatched machines with previous versions where so-called friends advised friends to turn off updates or they read it somewhere that updates were dangerous or they made the mistake of reading Slashdot where every conspiracy theory known to man is posted as fact.

Re:

[esperto]

It is not like they are setting the bar that high...

Re:

[gravewax]

well considering it was well and truly patched months before a successful exploit could be developed I would say their argument there is still pretty good.

Vista and 8.1

[yoda-dono]

What does this mean for Windows versions other than XP, 7 or 10?

M$'s continual bandaid solutions continue to fail

[Indy1]

Bullshitware like UAC (which stops zero malware in just about every security study I've read), or secure boot, or any other number of "security" theater that M$ comes up with, they all end up failing horribly.

There's no substitute for designing things securely.

Re:

[Anonymous Coward]

UAC is a failed attempt at replicating sudo* as it's missing fine grained control. UAC is also integrated into the Windows APIs in a way that causes a lot of problems for older software*.

Secure Boot is malware, not a security system. If the person who bought the damn thing is told "I have another master" or "You're not my master"*, it's not a security system.

The TPM crap that they heavily backed is also another "You're not my master" malware package.

Their automatic updates crap as of late, causes more probl

Re:

[Sycraft-fu]

UAC is not a sudo replicant, it is a tool for easily escalating to a privileged user. It is akin to what you see in many modern Linux GUIs when you try to run something, it asks for escalation and then runs as root, often for a period of time thereafter. Also your understanding of how UAC works is incorrect, you can have it change user contexts if you wish to set it up that way. You can tell UAC how to operate. Normally what it does is present even administrators with a restricted security token until they

Re:

[sydbarrett74]

They never had any intention of it being secure for you, just themselves.

... and the three-letter agencies when they come a-knockin'.

Re:

[Anonymous Coward]

> secure boot

When Secure Boot is enabled, and supported by the underlying OS, it defeats Evil Maid. It also defeats surreptitious replacement of one's bootloader and OS kernel. Something that defeats whole classes of attacks isn't bullshitware.

> UAC

UAC is no less effective than sudo. Because of Windows' Window Stations UAC is -in fact- superior to every X11-based GUI for sudo. (On X11 systems, anyone running as the same user running the sudo elevation GUI can sniff the keystrokes entered in that GUI.

Ok then

[Sycraft-fu]

Please explain what needs to be done to "design things securely." Explain what specific sort of technical controls should be put in place in a kernel to prevent attacks. Make sure you aren't listing ones that they have already implemented, such as NX memory regions (which is what DEP is) and also make sure you aren't listing things you like in other OSes that are done in Windows under a different name like separate user/superuser privilege (which is what UAC is for). Let's hear these these brilliant, 100% e

Re:

[thegarbz]

(which stops zero malware in just about every security study I've read)

Observer bias. It stops 100% of malware that it was designed to stop by prompting the user to specifically run said malware. Your observation fails to note the following:
1. Malware got more sophisticated than getting a user to double click an .exe file.
2. You don't hear or read about failed malware that ended up having no impact.

Security is not an end, it's a process. It's a cat and mouse game. With each vector closed new attack vectors are explored. Modern malware looks absolutely nothing like it did in th

most interesting quote

[Anonymous Coward]

"Heap spray attacks are probably one of the most esoteric types of exploitation and this is for Windows, which does not have source code available, ... Performing a similar heap spray on Linux is difficult, but easier than this"

Re:

[Anonymous Coward]

It's not illegal to demonstrate flaws in a system. As a consumer, all you have to do is apply this algorithm:

while (there exists an unpatched flaw in my computer) { keep computer turned off }

So is win10 Vulnerable?

[old_kennyp]

the OP said that "were able to bypass mitigations introduced by Microsoft that thwart memory-based code-execution attacks"
but then goes on to say that if patched it is safe?

Does the vulnerability affect both patched and unpatched installs?

Re:

[AHuxley]

Page 12 of the linked pdf shows what could happen under the "Version of Microsoft Windows 10" part. Page 2 has the Executive Summary.
The problem is not that any MS product is "safe", its that a US gov product in the wild could be used in creative ways.

Re:

[Targon]

The design of Windows 10 helps to prevent these TYPE of attacks, but even then, some vulnerabilities will always be found over time. Patches released back in March of 2017 fixed the problem, unless the OP is talking about a new version that bypasses the FIX that Microsoft released. That is what isn't clear.

Unpatched OS is vulnerable to modern exploits

[Anonymous Coward]

Film at 11.

Look, if you bent over backwards (because you have to bend over backwards, to prevent W10 from updating itself without so much as asking) to disable updates, and then didn't bother to check and manage updates yourself... then what did you frickin' expect to happen?

This is why turning off updates is bad

[Targon]

One of the biggest problems with Windows 7 is that the Windows Update system can break, and the automatic repair tools don't have the ability to fix the problem in a number of cases. If you intentionally turn off Windows Updates for whatever reason, and then do not go through the patches each week and install the "good" ones, you are setting yourself up for trouble. The vulnerabilities in Windows for Wannacry had a patch for Vista and newer back in March, so only those not installing updates were really vulnerable by the time Wannacry hit the news.

So, like the changes to Windows or not, if you refuse the fixes that are made available, and THEN something happens, it is actually your fault at that point. It is like recall notices on cars, where if you get a recall notice saying your transmission might catch on fire in some situations without the recall, and you choose to ignore it or put it off, and then your transmission catches on fire, that is YOUR fault. A free fix was offered to prevent problems, and you ignored it.

Re:

[eaglesrule]

So really the decision becomes give MS access to all your data, or risk malware. There is no selecting for 'good patches' anymore going forward, with the patches being rolled up into just a couple varients, and MS has proven with the win10 upgrade debacle that they won't hesitate to abuse the update system as they see fit.

So, if you want to protect yourself against current malware threats, you don't have a choice about installing whatever telemetry update MS decides to include in the patch, or any of the o

great

[SuperDre]

and yet another attempt at getting 15 minutes of fame.. Using a security hole that has been fixed almost 3 months ago, with an OS that updates itself about every week, so unless you really have updates turned off and never manually loaded updates it's mute.. Why do these guys even get attention?