Wednesday, April 26th 2017
NSA's Windows Exploit "DoublePulsar" Being Actively Utilized in the Wild
The "DoublePulsar" exploit, exposed recently as part of the leaked NSA-derived hacking toolkit posted online, is set to become one of the more significant issues related to the leak. That is not because it is unpatched (it has been patched for roughly a month), but because, according to a threatpost.com report, few users are as up to date as they should be.
The exploit is described as "Zero-Day" in nature, and if that sounds serious, it's because that's exactly what we are dealing with. The exploit uses a bug in the Windows Server Message Block (SMB) stack, the protocol Windows uses to share files with PCs on the local network. The issue is so severe that it gives an unauthenticated attacker with access to the SMB port complete root-level control over your PC. Basically, if they can touch your SMB port, it doesn't matter what antivirus you are running, it's "game over dude." Worse yet, the report indicates the exploit is already in use "internet-wide."
One way to defend against this is to use a decent hardware or even software firewall and block SMB access (Windows does not do this by default, for functionality reasons). SMB uses TCP port 445, if you want to go this route. But honestly, the best thing to do is just ensure you are up to date. Microsoft has had a patch out for this for over a month: Use it. Windows Update can get you there, or you can simply download it here.
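The firewall route described above, as an added example that is not part of the original article: a PowerShell audit that reports whether TCP 445 is listening, which inbound rules allow it, and then adds a block rule. It assumes an elevated session on Windows 8 / Server 2012 or later; the rule name is a hypothetical label chosen for this example.

```powershell
# Added example, not from the original article. Run elevated.
# $RuleName is a hypothetical label; pick any name you like.
$RuleName = 'Block inbound SMB (TCP 445)'

# 1. Is anything on this machine listening for SMB?
$listeners = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue
if ($listeners) {
    'SMB is listening on: ' + (($listeners.LocalAddress | Sort-Object -Unique) -join ', ')
} else {
    'Nothing is listening on TCP 445.'
}

# 2. A block rule does nothing if the firewall profile itself is off.
Get-NetFirewallProfile | Select-Object Name, Enabled | Format-Table -AutoSize

# 3. Which enabled inbound rules currently allow TCP 445?
#    (Matches rules that list port 445 explicitly, not port ranges or "Any".)
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        $filter.Protocol -eq 'TCP' -and ($filter.LocalPort -contains '445')
    } |
    Select-Object DisplayName, Profile | Format-Table -AutoSize

# 4. Add the block rule once. In Windows Firewall an explicit block rule
#    overrides the allow rules listed in step 3. This stops the machine from
#    serving file shares; use -Profile Public to keep sharing on trusted networks.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound `
        -Protocol TCP -LocalPort 445 -Action Block -Profile Any | Out-Null
    "Added rule: $RuleName"
} else {
    "Rule already present: $RuleName"
}

# 5. Patching is the better fix: show the most recently installed updates
#    so you can see whether this machine has been updated in the last month.
Get-HotFix | Where-Object InstalledOn |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 5 HotFixID, Description, InstalledOn |
    Format-Table -AutoSize
```

To undo the change, run `Remove-NetFirewallRule -DisplayName 'Block inbound SMB (TCP 445)'`.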
If nothing else, this is a reminder of the dangers of running an unpatched Windows system (Windows XP gets no fix for this, as an example). Please keep your system up to date, or if unable or unwilling, stay on top of the latest exploit news to at least know what you are up against and have your firewall and antivirus ready.
Source:
threatpost.com
10 Comments on NSA's Windows Exploit "DoublePulsar" Being Actively Utilized in the Wild
.... Right?
Hmm, on second thought. I have doubts.
Maybe we should order them to stop that in the name of "national security." Would be more legit than several uses of the word I've seen.
By the way, I can use Linux/*nix and so can probably anyone who tries a bit now. But it has its own limitations.
- A lot of users
As for the blocking of updates on new CPUs, I do consider it illogical and counterproductive for users.
As much as I like to defend Microsoft, as they are often overly scrutinized because it's cool to do that, even if they aren't doing anything other major companies aren't doing as well (without much of the criticism), in this particular case what they did was what I would describe in layman's terms as a "dick move".
Over the years MS has adopted an increasingly aggressive strategy to keep the millions of Win PCs out there secure and as safe as possible from becoming part of giant botnets. That's due in part to the increased effort (and money) that MS has put on the table to quash these botnets, and in part to a grand joined UN strategy to keep the amount of "cyber threats" to a minimum. This is in part a commercial strategy and, for the most part, the extension of what I've said earlier. Windows 10 is way, way, way more secure an OS than Windows 7 is.
To be frank, I really don't get why people are sticking with 7 and passed the chance to update to 10 when they were eligible to do so for free.