Storagepipe Is Now Thrive

Learn More

GridWay Is Now Thrive

Learn More

Cybersecurity

Shadow Brokers April Exploit Release

Shadow Brokers April Exploit Release
04.18.17
Cybersecurity
By: Michael Gray, CTO

Disclaimer: We are not attempting to place blame or accuse any government organization.  This post mentions The Equation Group. This group is supposedly associated with the NSA, but we have no way of verifying this information.

The Shadow Brokers is a well-known hacking group. They released another bundle of exploits that it offered to sell back in January of this year. The offered it anyone willing to meet their bid.  These exploits said to be from the Equation Group that has been noted in other releases in the last couple years.  The vast majority of the 12 updates were already patched in previous Microsoft updates.

A closer look at the exploits

(By the way, if you are wondering if these are randomly generated names, they most certainly are.  I personally enjoy them, specifically EnglishmanDentist)

EternalBlue, EternalRomance, EternalSynergy and EternalChampion – Not only were all of these patched in March 2017 they were all in the same patch, MS17-010. For those scoring at home, that 17 in the naming convention does actually mean the year of release.  Assuming you kept up with your patching last month, you really got a lot of a bang for your buck on that one update.

EmeraldThread, ErraticGopher, EskimoRoll, EducatedScholar, EclipsedWing – All of these fixes came with updates released between 2008 and 2014.

I’ll get to the last 3 momentarily, but let’s look at the obvious pattern.  If you were patching all along there’s certainly less to worry about from a mitigation standpoint.  Patching is typically seen as somewhat mundane aspect of security. It’s times like this when you look back realize that it’s a high worthwhile and important exercise.  Many in the IT community are actually downplaying this incident since so many of the updates were previously patched in March and prior years.

As for the last three exploits, EnglishmanDentist, EsteemAudit, and ExplodingCan, all of these refer to software that is either out of support or well on their way to be out of support.  As I said to our engineers, if you have an Internet-facing Windows Server 2003 server (ExplodingCan), you’ve known for years that you need to replace this server.  You should not need a band of hackers-turned-salesman to release an exploit to get you to move.

If you have any questions please contact us