Recent NSA exploits were partially responsible for multiple major ransomware outbreaks. In most cases, these NSA exploits could only be leveraged against older versions of the Windows operating system. It now appears that a security researcher has successfully made the ETERNALSYNERGY exploit applicable to newer versions of the popular OS. If researchers canmake this happen, criminals couldcertainly do so as well.

The NSA has built many different exploits to take advantage of weakened protocol found in the Windows operating system. In most cases, these exploits relate to the SMB protocol, which can be exposed to external connections. Ever since the Shadow Brokers unveiled these exploits to the public, we have seen multiple global ransomware campaigns leveraging them. WannaCry is just one of those examples.

ETERNALSYNERGY is one of the NSA exploits exposed by The Shadow Brokers several months ago. At the time of this reveal, thisexploit would only work on older versions of the Windows operating system. All versions up to and including Windows 8 were prone to this SMB exploit. Most security-aware computer users have switched to newer versions of the operating system, but there are plenty of vulnerable machines running older Windows versions right now.

Microsoft has always claimed that the technique used by ETERNALSYNERGY would not work with newer versions of Windows due to several security improvements found in the Windows kernel. Unfortunately, that does not appear to be the case any longer. Worawit Wang, a Thai security researcher, has successfully ported the exploit to newer versions ofWindows. Theported version targets the exact same vulnerabilityusing a different technique.

The new ETERNALSYNERGY exploit will not crash a Windows system. This exploit affects a long list of Windows versions, including Windows 8.1, Windows 2016, and many others. Users of Windows 10remain safe from harm for the time being, but that could change.

About75% of all Windows PCs in the world are now vulnerable to this new attack. These vulnerable computers are actually susceptible to three different exploits, including the original ETERNALSYNERGY and ETERNALROMANCE. Some form of solution needs to be found before more damage is done. Protecting ones computer should be onestop priority, and upgrading to Windows 10 seems to be the best course of action.

Wang also made his own exploit public, which couldhave some interesting consequences. There is also a step-by-step guide on how people can leverage this exploit against vulnerable computers. Any user not implementing the MS17-010 security update soon will remain vulnerable to these attacks. It will be interesting to see if more NSA exploits will be ported to Windows 10 in the future.

Read more:

Security Researcher Publishes NSA Exploit Capable of Affecting Newer Windows Versions - The Merkle