When the WannaCry ransomware hit last month, researchers claimed it could only infect systems running Windows 7 or earlier. Within days, it had infected Windows 8 and 8.1 machines, though Windows 10 remained unaffected. Security researcher, therefore, thought Microsoft’s latest operating system was immune to the malware. This assumption, as it turns out, was false.
WannaCry used the EternalBlue NSA exploit, leaked by the Shadow Brokers in April, to infect Windows machines. Researchers from RiskSense, have now ported EternalBlue to infect Windows 10 systems. The team stripped the DoublePulsar backdoor exploit from the malware and replaced it with a new custom insertion mechanism. The new iteration was then able to use the NSA exploit on Windows 10. However, only pre-Anniversary Update versions were found vulnerable. Later updates proved immune. Both Windows 10 Redstone 1 (April 2016) and Windows 10 Redstone 2 (Creators Update, April 2017) blocked Data Execution Prevention bypass attempts used by EternalBlue.
Sean Dillon and Dylan Davis, researchers from RiskSense, report [PDF]:
“The RiskSense Cyber Security Research team slowly dissected the original exploit, discovering parts of the data that were deemed unnecessary for exploitation. By removing superfluous fragments in network packets, our research makes it possible to detect all potential future variants of the exploit before a stripped-down version is used in the wild. We also substantiated the premise that the original exploit’s DOUBLEPULSAR payload is a red herring for defenders to focus on, as stealthier payload mechanism can be crafted.”
The research is a warning to Cybersecurity companies: forget about DoublePulsar. The payload method is no longer for EternalBlue’s proliferation.
Yes and no. Dillon and Davis’ work does demonstrate that Windows 10 is not safe from WannaCry-style attacks. However, their research ethically conducted. God bless the White Hats. A malevolent coder, though, could potentially create their own version. In which case, make sure to update Windows 10. If you’re concerned, be sure to install all updates listed in Microsoft’s MS17-010 security bulletin. Better safe than sorry.
Between the recently released EternalRocks and the promise of more NSA hacking tools this month, prepare for more developments soon. Microsoft will have its work cut out. Pray that it does and that we don’t.
While I'm not familiar with the Bilibili streaming platform, it was the source of a…
As Computex 2024 approaches, the tech industry buzzes with anticipation for a series of high-profile…
MSI, a key player in the graphics card market, appears to be shifting its focus…
TeamGroup has once again proven its prowess in the field of memory product innovation by…
Konami's eFootball has reached a staggering 750 million downloads worldwide. This milestone comes as the…
Just a few hours after its release on Steam alone Manor Lords has already managed…