Thai security researcher Worawit Wang has put together an exploit based on ETERNALSYNERGY that can also target newer versions of the Windows operating system.
ETERNALSYNERGY is one of the NSA exploits leaked by the Shadow Brokers hacking group in April this year. According to a Microsoft technical analysis, the exploit can allow an attacker to execute code on Windows machines with SMB services exposed to external connections.
The exploit works up to Windows 8. According to Microsoft, the techniques used in the original ETERNALSYNERGY exploit do not work on newer platforms due to several kernel security improvements.
Under the hood, ETERNALSYNERGY leverages a vulnerability in version 1 of the SMB file sharing protocol. The vulnerability is tracked as CVE-2017-0143.
New exploit is different but uses the same vulnerability
Wang says his exploit targets the same vulnerability but uses a different exploitation technique. His method "should never crash a target," the expert says. "Chance should be nearly 0%," Wang adds.
During the WannaCry ransomware outbreak, the ETERNALBLUE exploit mainly infected Windows 7 machines because it crashed on XP computers. An exploit's reliability is as important as its ability to work on multiple OS versions.
Furthermore, Wang created his exploit to target newer versions of the Windows operating system. Tests confirmed the exploit worked on:
- Windows 2016 x64
- Windows 2012 R2 x64
- Windows 8.1 x64
- Windows 2008 R2 SP1 x64
- Windows 7 SP1 x64
- Windows 8.1 x86
- Windows 7 SP1 x86
These are all the supported versions of the Windows OS, except Windows 10.
CVE-2017-0143 can now impact nearly 75% of all Windows PCs
....