17 stories
today

Microsoft responds to NSA’s Windows exploits, urges customers to upgrade to supported versions

Earlier today, we reported that Microsoft’s Windows operating system has been the victim of a number of zero-day exploits leaked by Shadow Brokers, which were being used by the National Security Agency (NSA).

Microsoft has now published a response to this leak by providing information on how its products are affected, the steps to secure them and which patches are in place.

The following is a table that shows the name of the exploit and how Microsoft has resolved it. Most of the exploits were resolved a number of years ago, whereas some are just a month ago.

Code Name Solution
EternalBlue Addressed by MS17-010
EmeraldThread Addressed by MS10-061
EternalChampion Addressed by CVE-2017-0146 & CVE-2017-0147
“ErraticGopher” Addressed prior to the release of Windows Vista
EsikmoRoll Addressed by MS14-068
EternalRomance Addressed by MS17-010
EducatedScholar Addressed by MS09-050
EternalSynergy Addressed by MS17-010
EclipsedWing Addressed by MS08-067

More importantly, it has been found that despite earlier reports that Windows 10 was not affected, “EternalChampion” affected both Windows 10 32-bit and 64-bit. Fortunately, a patch for this has already been released.

There were 3 additional exploits, “EnglishmanDentist”, “EsteemAudit” and “ExplodingCan” that could not be reproduced on supported versions of Windows by Microsoft’s engineers, thus no patches have been released for these issues. To ensure protection against these, Microsoft is urging customers to upgrade to a supported version of Windows, so that they have the latest security updates that are available.

Further reading: , , , ,

Are you running a supported version of Windows?