When the WannaCry ransomware hit last month, researchers claimed it could only infect systems running Windows 7 or earlier. Within days, it had infected Windows 8 and 8.1 machines, though Windows 10 remained unaffected. Security researchers, therefore, thought Microsoft’s latest operating system was immune to the malware. This assumption, as it turns out, was false.
WannaCry used the EternalBlue NSA exploit, leaked by the Shadow Brokers in April, to infect Windows machines. Researchers from RiskSense have now ported EternalBlue to infect Windows 10 systems. The team stripped the DoublePulsar backdoor exploit from the malware and replaced it with a new custom insertion mechanism. The new iteration was then able to use the NSA exploit on Windows 10. However, only pre-Anniversary Update versions were found vulnerable. Later updates proved immune. Both Windows 10 Redstone 1 (April 2016) and Windows 10 Redstone 2 (Creators Update, April 2017) blocked Data Execution Prevention bypass attempts used by EternalBlue.
Sean Dillon and Dylan Davis, researchers from RiskSense, report [PDF]:
“The RiskSense Cyber Security Research team slowly dissected the original exploit, discovering parts of the data that were deemed unnecessary for exploitation. By removing superfluous fragments in network packets, our research makes it possible to detect all potential future variants of the exploit before a stripped-down version is used in the wild. We also substantiated the premise that the original exploit’s DOUBLEPULSAR payload is a red herring for defenders to focus on, as stealthier payload mechanisms can be crafted.”
The research is a warning to cybersecurity companies: forget about DoublePulsar. The payload method is no longer required for EternalBlue’s proliferation.
Yes and no. Dillon and Davis’ work does demonstrate that Windows 10 is not safe from WannaCry-style attacks. However, their research was ethically conducted. God bless the White Hats. A malevolent coder, though, could potentially create their own version. In which case, make sure to update Windows 10. If you’re concerned, be sure to install all updates listed in Microsoft’s MS17-010 security bulletin. Better safe than sorry.
Between the recently released EternalRocks and the promise of more NSA hacking tools this month, prepare for more developments soon. Microsoft will have its work cut out. Pray that it does and that we don’t.