The organization provides security advice for admins

Jan 19, 2017 09:35 GMT  ·  By

The United States Computer Emergency Readiness Team (US-CERT) warns in a notice published on its website that an exploit kit allegedly developed by the hacking group Shadow Brokers might be on sale online and targeting Windows machines.

As we reported earlier this week, Shadow Brokers is trying to sell a zero-day Windows exploit as part of a pack worth 750 Bitcoin, and the US-CERT says customers need to take several measures to make sure they remain protected.

In the advisory, the US-CERT writes that the zero-day exploit targets a vulnerability in Server Message Block (SMB), which is available on all Windows systems. A successful attack would allow an attacker to obtain sensitive information from affected systems.

The organization recommends that Windows administrators disable SMB v1 and block all versions of SMB at the network boundary by blocking TCP port 445, along with the related protocols on UDP ports 137-138 and TCP port 139, on all boundary devices, even though this could obviously impact the operations of some customers.

“US-CERT cautions users and administrators that disabling or blocking SMB may create problems by obstructing access to shared files, data, or devices. The benefits of mitigation should be weighed against potential disruptions to users. For more information on SMB, please review Microsoft Security Advisories 2696547 and 204279,” the US-CERT recommends.
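The mitigation sequence described above, as an added example that is not part of the US-CERT notice or this article: audit SMBv1 use first (so the disruption the advisory warns about can be weighed), then disable SMBv1 on the server and client side, and add a host-level block of the SMB/NetBIOS ports as defence in depth behind the boundary-device blocks. It assumes an elevated PowerShell on Windows 10 / Server 2016 or later; the rule names, the Public-profile restriction and the 50-event sample are my choices.

```powershell
# Added example (not US-CERT's or Microsoft's own script). Assumes Windows 10 /
# Server 2016+ (Smb* and NetFirewall cmdlets) and an elevated session.

# 1. Audit before disabling: log SMBv1 sessions as Event ID 3000 in
#    Microsoft-Windows-SMBServer/Audit so legacy clients can be found first.
Set-SmbServerConfiguration -AuditSmb1Access $true -Force
Get-WinEvent -LogName 'Microsoft-Windows-SMBServer/Audit' -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object Id -eq 3000 |
    Select-Object TimeCreated, Message |
    Format-Table -AutoSize

# 2. Current state, for the change record.
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol, EnableSMB2Protocol

# 3. Disable SMBv1 on the server side (runtime setting plus the optional feature;
#    on Windows Server use Remove-WindowsFeature FS-SMB1 instead of the second line).
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null

# 4. Disable the SMBv1 client driver so this host also stops speaking SMBv1 outbound.
sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi | Out-Null
sc.exe config mrxsmb10 start= disabled | Out-Null

# 5. Host-firewall block of the ports the advisory names (TCP 445, TCP 139,
#    UDP 137-138), inbound, on the Public profile only so domain file sharing
#    on trusted networks keeps working. The boundary-device block is separate.
$blocks = @(
    @{ Name = 'Block SMB TCP 445';          Protocol = 'TCP'; Port = '445'     },
    @{ Name = 'Block NetBIOS TCP 139';      Protocol = 'TCP'; Port = '139'     },
    @{ Name = 'Block NetBIOS UDP 137-138';  Protocol = 'UDP'; Port = '137-138' }
)
foreach ($b in $blocks) {
    if (-not (Get-NetFirewallRule -DisplayName $b.Name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $b.Name -Direction Inbound -Action Block `
            -Protocol $b.Protocol -LocalPort $b.Port -Profile Public | Out-Null
    }
}

# 6. Verify: SMBv1 off, rules present. A reboot completes the feature removal.
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol
Get-NetFirewallRule -DisplayName 'Block SMB*', 'Block NetBIOS*' |
    Select-Object DisplayName, Enabled, Action
```

If step 1 shows Event ID 3000 entries, those hosts are the ones that will lose access once SMBv1 is off, which is exactly the trade-off the advisory asks administrators to weigh.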

Update your systems

For the moment, however, it’s important to note that there’s still no confirmation of a zero-day in Windows, and Microsoft itself is not aware of an unpatched vulnerability being exploited.

For what it’s worth, it is also strongly recommended that Windows users update their systems and, if possible, move to the Windows 10 Anniversary Update. Microsoft says this particular OS version employs very efficient zero-day mitigation technology that can block exploits even without patches.

More recently, the firm said that attacks aimed at taking advantage of two different security flaws in Windows were blocked before doing any damage, thanks to technologies that were exclusively available in the Windows 10 Anniversary Update.