Recent NSA exploits were partially responsible for multiple major ransomware outbreaks. In most cases, these NSA exploits could only be leveraged against older versions of the Windows operating system. It now appears that a security researcher has successfully made the ETERNALSYNERGY exploit applicable to newer versions of the popular OS. If researchers can make this happen, criminals could certainly do so as well.
ETERNALSYNERGY Now Affects Newer Windows Versions Too
The NSA has built many different exploits to take advantage of weakened protocol found in the Windows operating system. In most cases, these exploits relate to the SMB protocol, which can be exposed to external connections. Ever since the Shadow Brokers unveiled these exploits to the public, we have seen multiple global ransomware campaigns leveraging them. WannaCry is just one of those examples.
ETERNALSYNERGY is one of the NSA exploits exposed by The Shadow Brokers several months ago. At the time of this reveal, this exploit would only work on older versions of the Windows operating system. All versions up to and including Windows 8 were prone to this SMB exploit. Most security-aware computer users have switched to newer versions of the operating system, but there are plenty of vulnerable machines running older Windows versions right now.
Microsoft has always claimed that the technique used by ETERNALSYNERGY would not work with newer versions of Windows due to several security improvements found in the Windows kernel. Unfortunately, that does not appear to be the case any longer. Worawit Wang, a Thai security researcher, has successfully ported the exploit to newer versions of Windows. The ported version targets the exact same vulnerability using a different technique.
The new ETERNALSYNERGY exploit will not crash a Windows system. This exploit affects a long list of Windows versions, including Windows 8.1, Windows 2016, and many others. Users of Windows 10 remain safe from harm for the time being, but that could change.
About 75% of all Windows PCs in the world are now vulnerable to this new attack. These vulnerable computers are actually susceptible to three different exploits, including the original ETERNALSYNERGY and ETERNALROMANCE. Some form of solution needs to be found before more damage is done. Protecting one’s computer should be one’s top priority, and upgrading to Windows 10 seems to be the best course of action.
Wang also made his own exploit public, which could have some interesting consequences. There is also a step-by-step guide on how people can leverage this exploit against vulnerable computers. Any user not implementing the MS17-010 security update soon will remain vulnerable to these attacks. It will be interesting to see if more NSA exploits will be ported to Windows 10 in the future.