All compromised PCs weren’t running the latest patches

Apr 21, 2017 09:50 GMT

Last weekend, hacking group Shadow Brokers leaked a set of Windows hijack tools allegedly used by the NSA, but Microsoft quickly downplayed the security risk, explaining that patches for all exploited vulnerabilities are already available for download.

And while this is undoubtedly true, having patches available for download doesn’t necessarily mean that Windows users are secure. They need to actually install these patches.

And according to a new report from The Reg, this didn’t happen, and this is how thousands of computers ended up getting infected with malware in the last few days.

It turns out that the main exploit being used to compromise Windows systems since the Shadow Brokers leak is ETERNALBLUE, an SMBv1 exploit that is being used to plant the DOUBLEPULSAR backdoor on the target PC. At least 15,000 systems have already been found infected with DOUBLEPULSAR, while other researchers point to a figure three times higher.

Vulnerability patched in March

The worst part is that the vulnerability the attackers are exploiting was already patched by Microsoft in March this year with MS17-010, which means the systems that got compromised weren't actually running that update.

The patch is aimed at systems running Windows Vista SP2 and newer, so users on Windows XP can be easily infected, with no way to deploy the patch because support is no longer provided. Everyone else needs to deploy the patch as soon as possible.

“This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server,” Microsoft explains.
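The two questions a defender would ask after reading this are whether MS17-010 is actually installed and whether the SMBv1 server it protects is still enabled. The following audit script is an added example, not Microsoft's or the article's own code; it assumes an elevated PowerShell 5.1 session on Windows 8.1/10 or Server 2012 R2 and later (where the SmbShare module exists), and the KB list is a placeholder that must be filled from the MS17-010 bulletin for the exact OS build being checked.

```powershell
# Added example (not from the article): audit one Windows host for MS17-010 exposure.
# Assumption: run elevated on Windows 8.1/10 or Server 2012 R2+ so that the SmbShare
# cmdlets are available. Placeholder: replace with the MS17-010 KB id(s) for this OS build.
$Ms17010Kbs = @('KB<fill-in-from-MS17-010-bulletin>')

function Test-Ms17010Installed {
    param([string[]]$KbIds)
    # Get-HotFix reads Win32_QuickFixEngineering; it lists KBs as installed on this host
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    foreach ($kb in $KbIds) {
        if ($installed -contains $kb) { return $true }
    }
    # Caveat: a later cumulative update supersedes MS17-010 without carrying its KB id,
    # so a $false here means "not found by id", not proof the fix is absent.
    return $false
}

function Get-Smb1ServerEnabled {
    # SMBv1 server protocol is the component the "specially crafted messages" are sent to
    $cfg = Get-SmbServerConfiguration
    return [bool]$cfg.EnableSMB1Protocol
}

$patched = Test-Ms17010Installed -KbIds $Ms17010Kbs
$smb1On  = Get-Smb1ServerEnabled

"MS17-010 KB present : $patched"
"SMBv1 server enabled: $smb1On"

if (-not $patched -and $smb1On) {
    Write-Warning 'Exposed: deploy MS17-010; until then, disable the SMBv1 server.'
    # Mitigation (takes effect immediately, no reboot needed on these OS versions):
    # Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
}
```

On a fleet, run this through your management tooling and collect the two booleans per host; any host with both `$patched` false and `$smb1On` true is the population the article is describing.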

Most of the infected systems are based in the United States, the report states, and the number is very likely to increase in the coming days and weeks, as most of the users who haven’t yet deployed the patch fixing the vulnerability are unlikely to do so anytime soon.

If you are running a Windows 10 PC that is completely up to date, you are protected against this particular attack, though that doesn't necessarily mean your system isn't exposed to other exploits, so the usual recommendation to stay away from content coming from untrusted sources still applies.