Leaked NSA exploits work on all post-2000 Windows versions


Two of the most notorious malware outbreaks of 2017 were the ransomware WannaCry and the wiper malware NotPetya. Both relied on EternalBlue, an NSA exploit for Microsoft's Server Message Block (SMB) protocol that was leaked online by the hacker group The Shadow Brokers. Along with EternalBlue, The Shadow Brokers also leaked three other exploits: EternalSynergy, EternalRomance, and EternalChampion. In early 2018, RiskSense security researcher Sean Dillon ported these three to work on Windows versions going all the way back to 2000. For users, the solution is to ensure their machines are fully patched. When the exploits were originally leaked, security specialists criticised the NSA for placing everyone at risk by not disclosing the vulnerabilities when it first realised the tools had been stolen.

Writer: Ms Smith CSO, Nicholas Weaver
Publication: CSOnline, Lawfare 
