
Windows 0-days, SWIFT bank hacks among latest Shadow Brokers release - bootload
https://arstechnica.com/security/2017/04/nsa-leaking-shadow-brokers-just-dumped-its-most-damaging-release-yet/
======
merricksb
Other discussions:

[https://news.ycombinator.com/item?id=14114665](https://news.ycombinator.com/item?id=14114665)

[https://news.ycombinator.com/item?id=14119656](https://news.ycombinator.com/item?id=14119656)

[https://news.ycombinator.com/item?id=14116791](https://news.ycombinator.com/item?id=14116791)

------
bootload
_" It is very significant as it effectively puts cyber weapons in the hands of
anyone who downloads it. A number of these attacks appear to be 0-day exploits
which have no patch and work completely from a remote network perspective."_

MS Windows on a network was never really secure. These hacks will make old
Windows-based machines toxic. Pretty sure not all, if any, of the historic
releases will be patched. Read this post, _" Microsoft: most ShadowBrokers
exploits are already patched"_ ~
[https://news.ycombinator.com/item?id=14119656](https://news.ycombinator.com/item?id=14119656)

 _" Researchers from security firm Kaspersky Lab, meanwhile, have confirmed
the leaked code they analysed bears unique signatures tied to Equation Group"_

Here is a Kaspersky Q&A (pdf) on the Equation Group ~
[https://securelist.com/files/2015/02/Equation_group_question...](https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf)

------
userbinator
From the article:

 _With the exception of Esteemaudit, the exploits should be blocked by most
firewalls. And best practices call for remote desktop connections to require
use of a virtual private network, a practice that should make the Esteemaudit
exploit ineffective_

In other words, if you're behind a firewall/NAT with the relevant ports
inaccessible from the Internet, you won't be affected even if you're not
running a patched version of Windows.

 _From the exploit list provided and their description, it seems like using
Win10 and Win Server 2016 is enough to protect yourself against these
attacks._

...except that the telemetry and autoupdate capabilities of those OSs means
the NSA doesn't even have to exploit anything; they can just ask MS to hand
over the data. The saying about "known unknowns" and "unknown unknowns" comes
to mind...
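The mitigation the article and the comment above describe (SMB and RDP not reachable from the Internet, RDP only over a VPN) can be expressed as host firewall policy. The following is an added example, not code from the thread or the article: it assumes a Windows host with the built-in firewall, an elevated PowerShell session, and a placeholder VPN range of 10.8.0.0/24 that must be replaced with the real one. Windows Firewall gives Block rules precedence over Allow rules, so the example does not add a blanket block; it makes the default inbound action Block, disables the built-in allow rules for file sharing and Remote Desktop, and then allows TCP 445 and 3389 only from the VPN range.

```powershell
# Added example (not from the thread): expose SMB and RDP only to a VPN subnet.
# ASSUMPTION: the VPN address range is 10.8.0.0/24 (placeholder; substitute your own).
$VpnSubnet = '10.8.0.0/24'

# 1. Make "drop everything inbound unless a rule allows it" the default on every profile.
Set-NetFirewallProfile -All -Enabled True -DefaultInboundAction Block

# 2. Turn off the stock allow rules that would otherwise expose TCP 445 / 3389 broadly.
Disable-NetFirewallRule -DisplayGroup 'File and Printer Sharing'
Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'

# 3. Re-allow SMB and RDP, scoped to the VPN range only.
New-NetFirewallRule -DisplayName 'Allow SMB (TCP 445) from VPN only' `
    -Direction Inbound -Protocol TCP -LocalPort 445 `
    -RemoteAddress $VpnSubnet -Action Allow -Profile Any

New-NetFirewallRule -DisplayName 'Allow RDP (TCP 3389) from VPN only' `
    -Direction Inbound -Protocol TCP -LocalPort 3389 `
    -RemoteAddress $VpnSubnet -Action Allow -Profile Any

# 4. Verify: list every enabled inbound allow rule for 445/3389 with its remote scope.
Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'TCP' -and ($_.LocalPort -eq 445 -or $_.LocalPort -eq 3389) } |
    ForEach-Object {
        $rule = $_ | Get-NetFirewallRule
        if ($rule.Enabled -eq 'True' -and $rule.Direction -eq 'Inbound' -and $rule.Action -eq 'Allow') {
            $addr = $rule | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Rule          = $rule.DisplayName
                LocalPort     = $_.LocalPort
                RemoteAddress = ($addr.RemoteAddress -join ',')
            }
        }
    } | Format-Table -AutoSize
```

The verification step is the part worth keeping around: any enabled inbound allow rule for 445 or 3389 whose RemoteAddress is `Any` means the host is still reachable on those ports from wherever the network perimeter lets traffic in, which is exactly the condition the comment above says you need to avoid.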

~~~
speeder
According to 8chan one smb2 exploit actually affects Win10, despite being
tagged as intended for much older Windows.

~~~
Paul_S
8chan providing security expertise and 4chan electing presidents and directing
bombardments in Syria. What a time to be alive.

