Windows 10 systems still secure, as details remain secret

Jun 7, 2017 05:55 GMT

Supported Windows versions, and Windows 10 in particular, were all secure against the WannaCry ransomware that attacked Microsoft's operating system last month, thanks to a dedicated patch that the Redmond-based software giant released in March this year.

A team of researchers at RiskSense, however, managed to port the WannaCry exploit to infect Windows 10 as well, though it's worth mentioning from the very beginning that no specifics have been made public and users of Microsoft's operating system remain protected if the most recent patches are installed.

The WannaCry ransomware is based on EternalBlue, an exploit stolen by the Shadow Brokers hacking group from the NSA last summer and published online earlier this year.

In order to port EternalBlue to compromise Windows 10 as well, the RiskSense security researchers built a Metasploit module that could bypass security features and mitigations implemented by Microsoft in its latest operating system, including Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR).

Additional tweaks were also implemented, including the removal of the DoublePulsar backdoor, which the researchers say isn't needed for the exploit to work. With the backdoor removed, the exploit was also developed to install an Asynchronous Procedure Call (APC) payload, which allowed execution without a backdoor.

Windows 10 fully secure

RiskSense experts explain that the idea of this project was to help prevent similar attacks in the future, and not to provide hackers with information on how to compromise Windows 10. Details are secret anyway, so attacking Windows 10 is very unlikely to succeed.

“We’ve omitted certain details of the exploit chain that would only be useful to attackers and not so much for building defences. The research is for the white-hat information security industry in order to increase the understanding and awareness of these exploits so that new techniques can be developed that prevent this and future attacks. This helps defenders better understand the exploit chain so that they can build defences for the exploit rather than the payload,” researchers explain in a paper.

The new exploit was built to work against Windows 10 x64 version 1511 (November Update), still supported by Microsoft as part of the Current Branch for Business.

Windows users are again recommended to keep their systems fully up to date and to make sure that the MS17-010 update provided by Microsoft in March is installed on their computers.