After WannaCry, here comes a second wave of attacks

May 25, 2017 21:04 GMT

Security researchers warn that Windows XP and Windows Server 2003 are both exposed to attacks happening across the world, based on an exploit stolen from the NSA by hacking group Shadow Brokers.

For context, Shadow Brokers managed to break into NSA servers last year, allegedly stealing several Windows exploits that the agency was using to hack systems across the world. The hacking group eventually published these exploits online earlier this year, leading to an increase in the number of attacks aimed at Windows devices, including the WannaCry ransomware that was born earlier this month.

A second wave of attacks is now increasing at a worrying pace, security experts warn, and it is based on a hacking tool called EsteemAudit, which was also stolen from the NSA. In this case, however, systems that still receive support were patched in March this year, but both Windows XP and Windows Server 2003 were left behind after reaching end of support (EOS) in 2014.

Third-party patch available

EsteemAudit is based on a vulnerability in the RDP service in Windows XP and Windows Server 2003, targeting port 3389 on unpatched systems. Attacks can be tweaked to include wormable malware, which means that once one Windows XP system within a network is infected, the infection can spread to all the other systems using other forms of malware.

This, in turn, means that entire networks are exposed to this new wave of attacks if they are connected to a Windows XP system that has an Internet connection.

While Microsoft has yet to release a patch for this new security vulnerability in Windows XP, security engineers at enSilo published a third-party fix that helps block attacks launched with EsteemAudit, explaining that all users should install it as soon as possible to remain protected.

“It is important to note that patching this exploit will not make these XP systems fully secure. There are still many unpatched vulnerabilities in Windows XP, and we urge organizations to update their systems accordingly,” the security experts warn.

Windows XP is currently running on approximately 7 percent of PCs across the world, and upgrading to supported Windows versions is the only way to block such attacks.