News

Windows 10 Not Immune to WannaCry

When the WannaCry ransomware hit last month, researchers claimed it could only infect systems running Windows 7 or earlier. Within days, it had infected Windows 8 and 8.1 machines, though Windows 10 remained unaffected. Security researcher, therefore, thought Microsoft’s latest operating system was immune to the malware. This assumption, as it turns out, was false.

WannaCry on Windows 10

WannaCry used the EternalBlue NSA exploit, leaked by the Shadow Brokers in April, to infect Windows machines. Researchers from RiskSense, have now ported EternalBlue to infect Windows 10 systems. The team stripped the DoublePulsar backdoor exploit from the malware and replaced it with a new custom insertion mechanism. The new iteration was then able to use the NSA exploit on Windows 10. However, only pre-Anniversary Update versions were found vulnerable. Later updates proved immune. Both Windows 10 Redstone 1 (April 2016) and Windows 10 Redstone 2 (Creators Update, April 2017) blocked Data Execution Prevention bypass attempts used by EternalBlue.

Sean Dillon and Dylan Davis, researchers from RiskSense, report [PDF]:

“The RiskSense Cyber Security Research team slowly dissected the original exploit, discovering parts of the data that were deemed unnecessary for exploitation. By removing superfluous fragments in network packets, our research makes it possible to detect all potential future variants of the exploit before a stripped-down version is used in the wild. We also substantiated the premise that the original exploit’s DOUBLEPULSAR payload is a red herring for defenders to focus on, as stealthier payload mechanism can be crafted.”

The research is a warning to Cybersecurity companies: forget about DoublePulsar. The payload method is no longer for EternalBlue’s proliferation.

Do Windows 10 Users Need to Worry?

Yes and no. Dillon and Davis’ work does demonstrate that Windows 10 is not safe from WannaCry-style attacks. However, their research ethically conducted. God bless the White Hats. A malevolent coder, though, could potentially create their own version. In which case, make sure to update Windows 10. If you’re concerned, be sure to install all updates listed in Microsoft’s MS17-010 security bulletin. Better safe than sorry.

Between the recently released EternalRocks and the promise of more NSA hacking tools this month, prepare for more developments soon. Microsoft will have its work cut out. Pray that it does and that we don’t.

Ashley Allen

Disqus Comments Loading...

Recent Posts

Nvidia’s GeForce RTX 5090 Possible Price Revealed

According to a new report, the GeForce RTX 5090 GPU will be very expensive. It…

5 hours ago

AMD Krackan Processor with 6 Zen 5 and Zen 5c Cores for Budget AI Laptops Leaked

A new AMD processor in the form of an engineering model has been leaked in…

5 hours ago

SK Hynix Begins Production of First 321-Layer NAND Chips

SK Hynix has claimed to be the first company to mass-produce 321-layer NAND memory chips.…

5 hours ago

Trust Gaming GXT 609 Zoxa 2.0 PC Speakers

SOUNDS GREAT – Full stereo sound (12W peak power) gives your setup a booming audio…

9 hours ago

PowerA Wired Controller for Nintendo Switch

Special Edition Yoshi design Ergonomic controller shape with Nintendo Switch button layout Detachable 10ft (3m)…

9 hours ago

Logitech G Saitek PRO Flight Rudder Pedals

Fluid Motion: These flight rudder pedals are smooth and accurate that enable precise control over…

10 hours ago