Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Windows

NSA Exploits Ported To Work on All Windows Versions Released Since Windows 2000 (bleepingcomputer.com) 95

Catalin Cimpanu, reporting for BleepingComputer: A security researcher has ported three leaked NSA exploits to work on all Windows versions released in the past 18 years, starting with Windows 2000. The three exploits are EternalChampion, EternalRomance, and EternalSynergy; all three leaked last April by a hacking group known as The Shadow Brokers who claimed to have stolen the code from the NSA. Several exploits and hacking tools were released in the April 2017 Shadow Brokers dump, the most famous being EternalBlue, the exploit used in the WannaCry, NotPetya, and Bad Rabbit ransomware outbreaks.
This discussion has been archived. No new comments can be posted.

NSA Exploits Ported To Work on All Windows Versions Released Since Windows 2000

Comments Filter:
  • by JoeyRox ( 2711699 ) on Monday February 05, 2018 @09:50AM (#56070407)
    That's called taking care of your installed base.
    • Yeah, but you get much better framerates in Win 10 thank to Direct X 12. Sadly they're a Windows Store exclusive.
      • Yeah, but you get much better framerates in Win 10

        This experience isn't universal, in fact theres a thread on nvidia driver forums thousands of responses long complaining about massive performance issues in general on windows 10 but not a similar complaint mountain on windows 7(many people actually note that performance issues is not present on windows 7 on exactly same hardware setup) which was the most popular windows until literally a few days ago

  • by Anonymous Coward

    I guess Linus and his penguin flock will be having a field day.

  • by Anonymous Coward

    Or must you visit a malicious web site, or firewalls be down, open shares and what not? I'm generally only worried about true remote exploits, the last I knew of for Windows was in 2001ish, "MS Blast".

  • by DNS-and-BIND ( 461968 ) on Monday February 05, 2018 @10:09AM (#56070521) Homepage
    Remember when we chalked the NSA up on our side? They might have been a secretive government agency, but no matter what they did they had our interests at heart. Those were the days, weren't they?
  • by rwbaskette ( 9363 ) on Monday February 05, 2018 @10:12AM (#56070541)

    ... I'm still running NT Workstation

    • I know you jest, but I actually installed NT 4.0 workstation last year onto a laptop built in the post 2000 era.
      *Very* challenging (drivers being a huge issue), but in the end, I had a laptop that booted in seconds, and was quite useless online (but it was funny to see webpages attempt to render on a platform that didn't recognize the web-programming languages.)

      One of the biggest challenges was simply finding SPs and patches. MS of course wiped them all out, and many websites were simply pointing back to M

      • by AmiMoJo ( 196126 )

        I'm surprised it booted so fast. I used one of the Alpha versions of NT (v3?) which was pretty slow, but Server was far worse. Had one machine doing Lotus that took 30 minutes to reboot, although that might have been IBM's fault.

        • This was a naked NT 4 Workstation. It was such a chore getting everything working right, that I really didn't bother putting any software on it. Opera and ad-muncher, and that was it.

          So once you went past the BIOS load-up screens, yeah, NT zipped right along.

          • by aliquis ( 678370 )

            I boot Windows 10 in seconds. And I don't even have a fast SSD.

            i7 8700K on Z370-F Strix with Samsung EVO 850 SATA 250 GB.

  • by Virtucon ( 127420 ) on Monday February 05, 2018 @10:22AM (#56070603)

    At least the NSA won't be able to use those exploits anymore.

  • This could turn into a big issue unless Microsoft releases a patch for all those older versions.
    • Consider Microsoft's position:
      Many of the operating systems are on End-of-Life status [microsoft.com] which means this product will no longer receive assisted support or security updates from Microsoft. These OSs are still widely used [hothardware.com] and are now even more vulnerable, if that's possible.
      Microsoft is in a bind. They could provide patches for these vulnerabilities, or restate their policy: "Your're on your own bucko". How many people left at Microsoft worked on the Windows 2000 software or remember it? If MS does someh
      • If someone else can port the exploit to Windows 2000, Microsoft should be capable of porting the fix.
        • If someone else can port the exploit to Windows 2000, Microsoft should be capable of porting the fix.

          Possibly, but is it cost-effective and can it be achieved within reasonable time constraints? IMHO, information warfare, like terrorism, is asymmetric. It's easier to burn a bridge than to design and build it.

  • by Viol8 ( 599362 ) on Monday February 05, 2018 @10:49AM (#56070759) Homepage

    ... you worked there. The chances of Mr A Random Hacker gaining access to their core systems are as close to zero as makes no difference. If original code is truly from the NSA then it was leaked by an employee.

    • by Anonymous Coward

      two things every IT veteran knows:
      1. never discount the improbable
      2. shit happens

    • by AHuxley ( 892839 )
      Contractors changed all that. The days of compartmentalization ended in Vietnam. After that it was all about budget and showing political leaders its was all private sector savings and using advanced products and market forces.
      Lots of contractors and private sector networks rented their services back to the NSA per mission. The US mil/gov "contractor" staging servers held out for many years online but someone finally tracked some bot, automated network back to a NSA contractor.
      With correct US gov com
    • by sjames ( 1099 )

      Or some idiot violated security protocols.

  • by ET3D ( 1169851 ) on Monday February 05, 2018 @11:14AM (#56070903)

    Interesting that he went for a 2 year old version of Windows 10. Would have been much more interesting if he tested the latest patched versions of all OS's. If he did that for Windows 10, won't surprise me if he also used unpatched versions of Windows 8.1 and 7.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      Interesting that he went for a 2 year old version of Windows 10. Would have been much more interesting if he tested the latest patched versions of all OS's.

      He did, although you have to read the article linked in the article linked from the summary to know this.

      He tested on FOUR different versions of Windows 10:
      10.10240 - vulnerable
      10.10586 - vulnerable
      10.14393 - vulnerable
      10.16299 - NOT VULNERABLE

      Also 10.16299 is from October 2017, which is only 5 months old right now, not 24 months as you imply.
      10.10586 and 10.14393 are both not 24 months old yet either.
      Only one version in that list, 10.10240, is more than 24 months old. But seeing as four isn't one as you c

  • Illustrating the perils of outsourcing your stuff to the private sector :]
    • by AHuxley ( 892839 )
      That is what started all the problems. The NSA held up well against the Soviet Union and all its attempts into the 1980's.
      With the use of contractors the compartmentalization was finally lost.
      Every contractor had its own new ways and full tool lists. Staging servers could do anything for any mission at any time for a price.
      Contractors got let into more and more US gov secrets until the esprit de corps within the US gov, mil was replaced by contractors rent seeking.
      Political leaders backed the private

How many QA engineers does it take to screw in a lightbulb? 3: 1 to screw it in and 2 to say "I told you so" when it doesn't work.

Working...