Windows 10 Not Immune to WannaCry

/ 7 years ago

Windows 10 Not Immune to WannaCry

When the WannaCry ransomware hit last month, researchers claimed it could only infect systems running Windows 7 or earlier. Within days, it had infected Windows 8 and 8.1 machines, though Windows 10 remained unaffected. Security researcher, therefore, thought Microsoft’s latest operating system was immune to the malware. This assumption, as it turns out, was false.

WannaCry on Windows 10

WannaCry used the EternalBlue NSA exploit, leaked by the Shadow Brokers in April, to infect Windows machines. Researchers from RiskSense, have now ported EternalBlue to infect Windows 10 systems. The team stripped the DoublePulsar backdoor exploit from the malware and replaced it with a new custom insertion mechanism. The new iteration was then able to use the NSA exploit on Windows 10. However, only pre-Anniversary Update versions were found vulnerable. Later updates proved immune. Both Windows 10 Redstone 1 (April 2016) and Windows 10 Redstone 2 (Creators Update, April 2017) blocked Data Execution Prevention bypass attempts used by EternalBlue.

Sean Dillon and Dylan Davis, researchers from RiskSense, report [PDF]:

“The RiskSense Cyber Security Research team slowly dissected the original exploit, discovering parts of the data that were deemed unnecessary for exploitation. By removing superfluous fragments in network packets, our research makes it possible to detect all potential future variants of the exploit before a stripped-down version is used in the wild. We also substantiated the premise that the original exploit’s DOUBLEPULSAR payload is a red herring for defenders to focus on, as stealthier payload mechanism can be crafted.”

The research is a warning to Cybersecurity companies: forget about DoublePulsar. The payload method is no longer for EternalBlue’s proliferation.

Do Windows 10 Users Need to Worry?

Yes and no. Dillon and Davis’ work does demonstrate that Windows 10 is not safe from WannaCry-style attacks. However, their research ethically conducted. God bless the White Hats. A malevolent coder, though, could potentially create their own version. In which case, make sure to update Windows 10. If you’re concerned, be sure to install all updates listed in Microsoft’s MS17-010 security bulletin. Better safe than sorry.

Between the recently released EternalRocks and the promise of more NSA hacking tools this month, prepare for more developments soon. Microsoft will have its work cut out. Pray that it does and that we don’t.
Topics: ,

Support eTeknix.com

By supporting eTeknix, you help us grow and continue to bring you the latest newsreviews, and competitions. Follow us on FacebookTwitter and Instagram to keep up with the latest technology news, reviews and more. Share your favourite articles, chat with the team and more. Also check out eTeknix YouTube, where you'll find our latest video reviews, event coverage and features in 4K!

Looking for more exciting features on the latest technology? Check out our What We Know So Far section or our Fun Reads for some interesting original features.
eTeknix Facebook eTeknix Twitter eTeknix Instagram eTeknix Instagram

  • Be Social With eTeknix

    Facebook Twitter YouTube Instagram Reddit RSS Discord Patreon TikTok Twitch

  • Features

    Computex CES
    Fun Reads eTeknix Deals

Send this to a friend
})