Shadow Brokers leak more NSA exploits

Exploits against Windows released over the Easter weekend by the Shadow Brokers hacking group have been patched and will not work, according to Microsoft.

EternalBlue exploit on Windows Server 2008 SP1. Via @HackerFantastic.

Phiillip Misner, principal security group manager of Microsoft's security response centre, said Microsoft had patched the "EternalBlue", "EternalRomance","EternalChampion", and "EternalSynergy" flaws in the Server Message Block file sharing protocol version 1 in March this year.

Other exploits, such as "EclipsedWing" which allowed remote code execution, were taken care of as early as 2008.

Microsoft said the "EnglishmanDentist", "EsteemAudit", and "ExplodingCan" exploits are not reproducible on currently supported versions of Windows. 

"... customers running Windows 7 and more recent versions of Windows or Exchange 2010 and newer versions of Exchange are not at risk," the company said.

In a break with tradition, Microsoft did not credit the person who reported the SMB flaw to the company.

The exploits released by the Shadow Brokers were compiled executables, able to be used with little technical skills and knowledge.

SWIFT service bureau hacked by NSA

The Shadow Brokers also released information that indicates the NSA hacked a service bureau for the SWIFT funds transfer network.

EasyNets is a Middle Eastern SWIFT service bureau with offices in Jordan, Egypt, and the United Arab Emirates as well as Belgium. Security researcher Matt Suiche believes the NSA might have used a Windows exploit to hack the organisation.

The NSA code name for the operation against EasyNets was JEEPFLEA_MARKETS. Suiche noted EasyNets ran Window Server 2008 R2 which could be exploited with the FUZZBUNCH hacking tools framework.

FUZZBUNCH contains the Windows exploits mentioned above that were detailed in the Shadow Brokers leak.

It is not clear how much of the SWIFT network the NSA compromised, but the agency did not manage to break into EasyNet partner Business Computer Group in Latin America.

Due to the detailed description of service bureau infrastructure in the Shadow Brokers documents, Suiche believes the leak could be harmful to the SWIFT network.

Suiche recommended users upgrade to Windows 10 and the range of security flaw mitigations the operating system has built in, which do not exist in older versions such as Windows 7.