It appears Windows users are not safe from the NSA’s EternalBlue exploit just yet. Researchers have discovered someone successfully ported this SMB exploit to ensure it can attack Windows 10-based systems as well. Luckily, it appears this is a development initiated by white hat hackers. Then again, if they can do it, so could someone with far more nefarious intentions.
Porting EternalBlue To Windows 10
When the RiskSense researchers announced they ported the EternalBlue exploit to Windows 10, a lot of people were seemingly concerned. That is only normal, considering how EternalBlue was the main reason why the WannaCry ransomware attack was so successful. This NSA exploit has also inspired criminals to create other nefarious tools, such as the SMB worm we discussed not too long ago.
However, the researchers have no plans to open source the code pertaining to Windows 10 just yet. It is a bit unclear why they have been taking these steps in the first place, considering the original attack was aimed at Windows XP, Windows Vista, and Windows 7 systems only. However, this also goes to show the same vulnerability can be leveraged against systems running Windows 10, which is quite troublesome. Microsoft has released and security update in March to counter this problem, though.
In the report published by the researchers, they explain what steps were necessary to port the EternalBlue SMB exploit to Windows 10. Moreover, they also examined the implemented mitigations to ensure these attacks would not result in another global attack. A lot of sensitive information regarding the exploit itself has been omitted, for obvious reasons. This project is mainly designed to gain a better understanding of this exploit and its capabilities.
The bigger problem with developments like these is how white hat hackers may not be the only ones successfully porting EternalBlue to Windows 10. If they are capable of doing so, it is not hard to imagine cyber criminals doing the exact same. While it remains to be seen if leveraging such exploits is even remotely successful since the Microsoft emergency patch, it also goes to show Windows 10 users are not safe from harm by any means.
It appears the researchers were capable of bypassing mitigations introduced in Windows 10 and successfully leverage the EternalBlue exploit to some degree. Moreover, the researchers also used a different payload to bypass for DEP. This new payload allows assailants to use a custom payload to be executed without backdoor access. That is particularly troublesome, albeit it is expected Microsoft will patch this problem shortly.
All of this goes to show there are still plenty of reasons to be concerned about EternalBlue and other exploits. All of these infiltration tools are very complex to create, yet allow virtually anybody to use them without much effort. EternalBlue effectively provides assailants with an instant remote Windows code execution attack, which is every hacker’s wet dream. Ensuring Windows 10 is no longer vulnerable to this attack is the number one priority for now.
If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.