
NSA's Windows Exploit "DoublePulsar" Being Actively Utilized in the Wild

Joined
Aug 20, 2007
Messages
21,579 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 5800X Optane 800GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
The "DoublePulsar" exploit, exposed recently as part of the leaked NSA-derived hacking toolkit posted online, is set to become one of the more significant issues related to the leak. Not because it is unpatched (it has been patched for roughly a month), but rather because, according to a threatpost.com report, few users are as up to date as they should be.

The exploit is described as "Zero-Day" in nature, and if that sounds serious, it's because that's exactly what we are dealing with. The exploit uses a bug in the Windows Server Message Block (SMB) stack, the protocol Windows uses to share files with PCs on the local network. The issue is so severe, it allows an unauthenticated attacker with access to the SMB port complete root-level control over your PC. Basically, if they can touch your SMB port, it doesn't matter what antivirus you are running, it's "game over dude." Worse yet, the report indicates the exploit is already in use "internet-wide."

One way to defend against this is using a decent hardware or even software firewall and blocking SMB access (Windows does not do this by default, for functionality reasons). SMB uses TCP port 445, if you want to go this route. But honestly, the best thing to do is just ensure you are up to date. Microsoft has had a patch out for this for over a month: use it. Windows Update can get you there, or you can simply download it here.

If nothing else, this is a reminder of the dangers of running an unpatched Windows system (Windows XP gets no fix for this, as an example). Please keep your system up to date, or if unable or unwilling, stay on top of the latest exploit news to at least know what you are up against and have your firewall and antivirus ready.

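The stopgap the post describes (block inbound SMB on TCP 445 at the firewall until the patch is on) as a worked example for the built-in Windows firewall. This is an added example and is not part of the original post or of any TechPowerUp article. It uses the NetSecurity cmdlets present on Windows 8.1 / Server 2012 R2 and later, must run from an elevated prompt, and the rule name and the decision to block only the Public and Private profiles are assumptions for illustration.

```powershell
# Added example, not from the original post: block inbound SMB (TCP 445) at the
# Windows host firewall and verify the rule took effect. Needs the NetSecurity
# module (Windows 8.1 / Server 2012 R2 and later) and an elevated prompt.
# The rule name and the profile selection below are assumptions for illustration.
#Requires -RunAsAdministrator

$RuleName = 'Block inbound SMB (TCP 445)'   # assumed name; use your own convention

# 1. Show what is listening on 445. On a default install the Server service
#    (svchost hosting LanmanServer) is, which is exactly what the exploit reaches.
Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess

# 2. Add the block rule once (re-running the script must not create duplicates).
#    Block rules take precedence over allow rules, so this overrides the built-in
#    "File and Printer Sharing (SMB-In)" allow rule on the Public and Private
#    profiles. Domain is deliberately left alone here so domain file sharing
#    keeps working; add it to -Profile if that is acceptable in your environment.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Inbound -Protocol TCP -LocalPort 445 `
        -Action Block -Profile Public, Private `
        -Description 'Stopgap against SMB exploitation until the patch is installed' |
        Out-Null
}

# 3. Verify: the rule must be enabled, have Action = Block, and be bound to port 445.
$rule = Get-NetFirewallRule -DisplayName $RuleName
$port = $rule | Get-NetFirewallPortFilter
[pscustomobject]@{
    Rule    = $rule.DisplayName
    Enabled = $rule.Enabled
    Action  = $rule.Action
    Profile = $rule.Profile
    Port    = $port.LocalPort
}

# 4. A block rule on a disabled profile blocks nothing, so confirm the firewall
#    itself is turned on for the profiles the rule targets.
Get-NetFirewallProfile -Name Public, Private |
    Select-Object Name, Enabled, DefaultInboundAction
```

To check the rule from the outside, run `Test-NetConnection -ComputerName <host> -Port 445` from a second machine on the same network; it should now report `TcpTestSucceeded : False`. Three caveats a practitioner should keep in mind: the rule makes this machine's own shares unreachable on the blocked profiles (on a file server that is a real cost), it does nothing for a host that has already been implanted, and a firewall is only a stopgap, since the actual fix is the SMB patch the post refers to (Microsoft bulletin MS17-010; the post does not name it, and the KB number differs per Windows version, so check the one for your build). The rule can be dropped afterwards with `Remove-NetFirewallRule -DisplayName $RuleName`.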
 
Joined
Apr 2, 2009
Messages
3,505 (0.61/day)
PC enthusiasts keep their OS secure.

.... Right?

Hmm, on second thought. I have doubts.
 
Joined
Aug 20, 2007
Messages
21,579 (3.40/day)
Might I add, as an editorial twist post-article, that the fact that MS is denying users critical fixes like this over what CPU they are running on supported OSes seems like borderline criminal behavior? In my mind at least, it is.

Maybe we should order them to stop that in the name of "national security." Would be more legit than several uses of the word I've seen.
 
Joined
Apr 2, 2009
Messages
3,505 (0.61/day)
In a lot of people's minds, they feel Microsoft should not exist. At the same time, they couldn't use Unix, either, probably.
 
Joined
Aug 20, 2007
Messages
21,579 (3.40/day)
In a lot of people's minds, they feel Microsoft should not exist. At the same time, they couldn't use Unix, either, probably.

Meh, there's a middleground I straddle. I still feel that the move with CPUs and updates is pretty messed up.

By the way, I can use Linux/*nix and so can probably anyone who tries a bit now. But it has its own limitations.
 
Joined
Sep 15, 2007
Messages
3,946 (0.62/day)
Location
Police/Nanny State of America
Processor OCed 5800X3D
Motherboard Asucks C6H
Cooling Air
Memory 32GB
Video Card(s) OCed 6800XT
Storage NVMees
Display(s) 32" Dull curved 1440
Case Freebie glass idk
Audio Device(s) Sennheiser
Power Supply Don't even remember
Might I add, as an editorial twist post-article, that the fact that MS is denying users critical fixes like this over what CPU they are running on supported OSes seems like borderline criminal behavior? In my mind at least, it is.

Maybe we should order them to stop that in the name of "national security." Would be more legit than several uses of the word I've seen.

I've been arguing that it's fraud, but seems like most think it's ok for corporations to swindle you and do as they please (which is obvious by the state of the world).
 
Joined
Feb 21, 2017
Messages
218 (0.08/day)
"I disable updates because they are bad and annoying because of... reasons."
- A lot of users

As for the blocking updates on new CPUs, I do consider it illogical and counter productive for users.

As much as I like to defend Microsoft, since they are often overly scrutinized because it's cool to do that, even when they aren't doing anything other major companies aren't doing as well (without much of the criticism), in this particular case what they did is what I would describe in layman's terms as a "dick move".
 
Joined
Mar 24, 2017
Messages
123 (0.04/day)
Location
Italy
"I disable updates because they are bad and annoying because of... reasons."
- A lot of users

To be fair, the Win10 update system was initially something like a fascist tyrant installed on your computer. For most users, in the first 6-10 months of the Windows 10 deployment the experience was like someone, somewhere, shutting down your system for *reasons* WHILE you were actively working on the machine.
Over the years MS has adopted an increasingly aggressive strategy to keep the millions of Windows PCs out there secure and as safe as possible from becoming part of giant botnets. That's due in part to the increased effort (and money) that MS has put on the table to quash these botnets, and in part to a grand joint UN strategy to keep the amount of "cyber threats" to a minimum.

As for the blocking updates on new CPUs, I do consider it illogical and counter productive for users.

This is in part a commercial strategy and, for the most part, the extension of what I've said earlier. Windows 10 is way, way, way more secure an OS than Windows 7 is.
To be frank, I really don't get why people are sticking with 7 and passed up the chance to update to 10 when they were eligible to do so for free.
 
Joined
Jun 10, 2014
Messages
3,006 (0.78/day)
Processor AMD Ryzen 9 5900X ||| Intel Core i7-3930K
Motherboard ASUS ProArt B550-CREATOR ||| Asus P9X79 WS
Cooling Noctua NH-U14S ||| Be Quiet Pure Rock
Memory Crucial 2 x 16 GB 3200 MHz ||| Corsair 8 x 8 GB 1333 MHz
Video Card(s) MSI GTX 1060 3GB ||| MSI GTX 680 4GB
Storage Samsung 970 PRO 512 GB + 1 TB ||| Intel 545s 512 GB + 256 GB
Display(s) Asus ROG Swift PG278QR 27" ||| Eizo EV2416W 24"
Case Fractal Design Define 7 XL x 2
Audio Device(s) Cambridge Audio DacMagic Plus
Power Supply Seasonic Focus PX-850 x 2
Mouse Razer Abyssus
Keyboard CM Storm QuickFire XT
Software Ubuntu
...it doesn't matter what antivirus you are running, it's "game over dude." Worse yet, the report indicates the exploit is already in use "internet-wide."
...
stay on top of the latest exploit news to at least know what you are up against and have your firewall and antivirus ready.
Antivirus can't protect against exploits, they can only recognize known malware and remove it. That's why we usually see hundreds of variants of the same virus, which continues until the exploit is actually fixed. Firewalls can't protect against specific exploits in protocols either, they are about blocking ports, applications, IPs, etc.
 
Joined
Aug 20, 2007
Messages
21,579 (3.40/day)
Firewalls can't protect against specific exploits in protocols either, they are about blocking ports, applications, IPs, etc.

All of the tcp/ip protocol stack utilizes ports, so port blocking can be used as protection in a pinch and thus, in this instance.
 
Joined
Sep 15, 2011
Messages
6,798 (1.40/day)
Processor Intel® Core™ i7-13700K
Motherboard Gigabyte Z790 Aorus Elite AX
Cooling Noctua NH-D15
Memory 32GB(2x16) DDR5@6600MHz G-Skill Trident Z5
Video Card(s) ZOTAC GAMING GeForce RTX 3080 AMP Holo
Storage 2TB SK Platinum P41 SSD + 4TB SanDisk Ultra SSD + 500GB Samsung 840 EVO SSD
Display(s) Acer Predator X34 3440x1440@100Hz G-Sync
Case NZXT PHANTOM410-BK
Audio Device(s) Creative X-Fi Titanium PCIe
Power Supply Corsair 850W
Mouse Logitech Hero G502 SE
Software Windows 11 Pro - 64bit
Benchmark Scores 30FPS in NFS:Rivals
Antivirus can't protect against exploits, they can only recognize known malware and remove it. That's why we usually see hundreds of variants of the same virus, which continues until the exploit is actually fixed. Firewalls can't protect against specific exploits in protocols either, they are about blocking ports, applications, IPs, etc.
That's why all the quality antivirus software out there also comes with IDPS and malware/rootkit detection. Or at least it should...
 