Security researcher tweaks exploits stolen from the NSA last year to affect nearly all versions of Windows.
Exploits that were stolen from the NSA last year, and that were believed to target older Windows releases, have been tweaked to potentially impact all versions of Microsoft’s operating system back to Windows 2000.
Security researcher Sean Dillon from RiskSense (also known as @zerosum0x0 on Twitter) says the three exploits that he ported are EternalChampion, EternalRomance, and EternalSynergy. EternalBlue, another exploit stolen from the NSA by hacking group Shadow Brokers in 2017 and then published online, has already been used in attacks based on ransomware like WannaCry and NotPetya.
What Dillon managed to do (via BetaNews) was to modify the exploits to target two different vulnerabilities that exist in the majority of Windows versions. The exploits were then included in the Metasploit Framework, and can impact even the newest operating systems, like Windows 10, which were originally believed to be immune to the exploits stolen from the NSA.
Affecting unpatched versions of Windows
EternalSynergy can take advantage of both CVE-2017-0143 (type confusion between WriteAndX and Transaction requests) and CVE-2017-0146 (race condition with Transaction requests) vulnerabilities. EternalRomance is only aimed at the first, while EternalChampion targets the latter.
In documentation published on GitHub, Dillon explains that vulnerable targets are Windows versions released between 2000 and 2016, and attackers can obtain admin rights on a compromised host.
“You can run any command as SYSTEM, or stage Meterpreter. Note: unlike EternalBlue, kernel shellcode is not used to stage Meterpreter, so you might have to evade your payloads,” the researcher explains.
What’s important to know is that these new exploits can only compromise a system if it is not patched, so it’s critical for Windows users to deploy the latest security updates as soon as possible. This is one of the reasons the latest Windows versions are more secure: OS releases like Windows XP and Windows Vista no longer receive updates and security patches, leaving some vulnerabilities unfixed.