Earlier today, we reported that Microsoft’s Windows operating system has been the victim of a number of zero-day exploits leaked by Shadow Brokers, which were being used by the National Security Agency (NSA).
Microsoft has now published a response to this leak by providing information on how its products are affected, the steps to secure them and which patches are in place.
The following is a table that shows the name of the exploit and how Microsoft has resolved it. Most of the exploits were resolved a number of years ago, whereas some are just a month ago.
Code Name Solution “EternalBlue” Addressed by MS17-010 “EmeraldThread” Addressed by MS10-061 “EternalChampion” Addressed by CVE-2017-0146 & CVE-2017-0147 “ErraticGopher” Addressed prior to the release of Windows Vista “EsikmoRoll” Addressed by MS14-068 “EternalRomance” Addressed by MS17-010 “EducatedScholar” Addressed by MS09-050 “EternalSynergy” Addressed by MS17-010 “EclipsedWing” Addressed by MS08-067
More importantly, it has been found that despite earlier reports that Windows 10 was not affected, “EternalChampion” affected both Windows 10 32-bit and 64-bit. Fortunately, a patch for this has already been released.
There were 3 additional exploits, “EnglishmanDentist”, “EsteemAudit” and “ExplodingCan” that could not be reproduced on supported versions of Windows by Microsoft’s engineers, thus no patches have been released for these issues. To ensure protection against these, Microsoft is urging customers to upgrade to a supported version of Windows, so that they have the latest security updates that are available.Further reading: Microsoft, NSA, Security, Windows, Windows 10