HomeWinBuzzer NewsWhite Hat Hackers Adapt NSA 'EternalBlue' Exploit to Compromise Windows 10 PCs

White Hat Hackers Adapt NSA ‘EternalBlue’ Exploit to Compromise Windows 10 PCs

The adaptation lets the company deploy malware on Windows 10 without the DoublePulsar payload. It only affects users on builds prior to the Anniversary Update.

-

When the Shadow Brokers group leaked several NSA exploits in April, assured users that PCs had already been patched. They were correct, and remain so, but that doesn't mean there aren't still computers on the OS at risk.

The Ethical hacking team at RiskSense have adapted the NSAs EternalBlue exploit so that it can compromise Microsoft's latest OS. The new variant streamlines the exploit's code and reduces its footprint.

It also removes the DoublePulsar payload from the mix. This second NSA tool was used by malware like to deliver malformed packets and gain an initial foothold on the system. Instead, RiskSense has developed a stealthier, custom deployment method that lends itself better to modern OSes.

In many ways, it's a chastisement. Security companies have been focusing on detecting DoublePulsar to signal an EternalBlue compromise, when attackers don't necessarily need it.

“By removing superfluous fragments in network packets, our research makes it possible to detect all potential future variants of the exploit before a stripped-down version is used in the wild,” said the company. “We also substantiated the premise that the original exploit's DOUBLEPULSAR payload is a red herring for defenders to focus on, as stealthier payload mechanism can be crafted.”

Latest Windows 10 Versions Not at Risk

However, it's worth noting that despite the port to Windows 10, Microsoft's statement stands. The latest versions of the OS are not vulnerable to the exploit. RiskSense's modification only works on versions before the Anniversary Update.

Thankfully, the report also doesn't mention technical details that would let attackers emulate the adoption. Instead, it provides tools to help companies better detect EternalBlue. Arguably, though, it's only a matter of time before someone figures it out for themselves. It's a stark reminder to keep your system up to date and employ good security practices.

You can make sure your system is secure by reading the MS17-010 security bulletin.

SourceRiskSense
Ryan Maskell
Ryan Maskellhttps://ryanmaskell.co.uk
Ryan has had a passion for gaming and technology since early childhood. Fusing the skills from his Creative Writing and Publishing degree with profound technical knowledge, he enjoys covering news about Microsoft. As an avid writer, he is also working on his debut novel.

Recent News

Mastodon