Rare XP Patches Fix Three Remaining Leaked NSA Exploits – Threatpost

Category: NSA

The unusual decision Microsoft made to release patches on Tuesday for unsupported versions of Windows was prompted by three NSA exploits that remained unaddressed from Aprils ShadowBrokers leak.

The worst of the bunch, an attack called ExplodingCan (CVE-2017-7269), targets older versions of Microsofts Internet Information Services (IIS) webserver, version 6.0 in particular, and enables an attacker to gain remote code execution on a Windows 2003 server.

All three attacks allow an adversary to gain remote code execution; one is EsteemAudit, a vulnerability in the Windows Remote Desktop Protocol (RDP) (CVE-2017-0176), while the other is EnglishmanDentist (CVE-2017-8487), a bug in OLE (Object Linking and Embedding). Microsoft said the patches are available for manual download.

ExplodingCan merits a closer look because of the wide deployment of IIS 6.0.

Generally, when you put a Windows machine on the internet, its going to be a server and its going to run a webserver, so there are production machines on the internet running IIS 6.0 right now, said Sean Dillon, senior analyst at RiskSense and one of the first to analyze the NSAs EternalBlue exploit that spread WannaCry ransomware on May 12.

Its probably already been exploited for months now, Dillon said. At least now theres a fix thats publicly available.

Microsoft released a hefty load of patches for supported products and services on Tuesday as part of its normal Patch Tuesday update cycle. Normally, patches for unsupported versions of Windows are available only for Microsoft customers on an expensive extended support contract. The companys decision to make all of those fixes public on Tuesday, it said, was prompted by an elevated risk for destructive cyber attacks.

Due to the elevated risk for destructive cyber attacks at this time, we made the decision to take this action because applying these updates provides further protection against potential attacks with characteristics similar to WannaCrypt, said Adrienne Hall, general manager of Microsofts Cyber Defense Operations Center.

In reviewing the updates for this month, some vulnerabilities were identified that pose elevated risk of cyber attacks by government organizations, sometimes referred to as nation-state actors or other copycat organizations, Hall said. To address this risk, today we are providing additional security updates along with our regular Update Tuesday service. These security updates are being made available toallcustomers, including those using older versions of Windows.

The ShadowBrokers leak in April unleashed a number of powerful Windows attacks into the public, allegedly belonging to the Equation Group, which is widely believed to the U.S. National Security Agency. Criminals and other nation states have already been leveraging the attacks to spread not only WannaCry ransomware, but also crytpocurrency mining utilities and other types of malware.

Microsoft said customers should not expect this type of patch release for unsupported products to become the norm. Some experts have been critical of Microsot, which also made a similar update available for unsupported products hours after the WannaCry outbreak.

I wish MS would stop releasing patches for xp/2003 it really harms efforts to get rid of legacy in the corporates

Quentyn Taylor (@quentynblog) June 13, 2017

Oh no. Take Windows XP off life support. Though it cannot die with dignity, it must be allowed to die. It will be messy. But this is cruel. https://t.co/euZVdTLC0z

Katie Moussouris (@k8em0) June 13, 2017

It was the right move by Microsoft, Dillon said. We saw the damage it can cause with WannaCry. Some of the most-used infrastructure, like SCADA systems, still run on XP whether theyre getting patches or not. When you have critical things [running on XP], its a good thing they released, but it should only be looked at as a temporary solution and people should look to upgrade off of legacy versions.

Some third-party services such as 0patch have provided micro-patches for some of these vulnerabilities on legacy versions, even before the ShadowBrokers leak, Dillon said. Hopefully people who are running legacy systems have looked into other means of patching beside official fixes, he said. Although, this is great that theres an official fix.

The remaining two vulnerabilities are a lesser severity but should be patched nonetheless on legacy systems.

EsteemAudit affects RDP, but only on XP and did not require a patch for modern versions of Windows. According to Microsoft, the vulnerability exists if the RDP server has smart card authentication enabled.

EnglishmanDentist, meanwhile, is triggered because Windows OLE fails to properly validate user input, Microsoft said.

Theres a whole wide assortment of exploits that were leaked, and weve only seen a few of them actively used at a mass scale. This is just plugging a hole before it becomes a bigger problem, Dillon said.

See the original post here:
Rare XP Patches Fix Three Remaining Leaked NSA Exploits - Threatpost

IDR Final Rule updates NSA dispute resolution | United States | Global law firm - Norton Rose Fulbright - June 16th, 2026 [June 16th, 2026]
Where Is Edward Snowden Now? What to Know About the NSA Whistleblower's Life in Exile, 13 Years Later - People.com - June 16th, 2026 [June 16th, 2026]
Former NSA official: 'Timing couldn't have been worse' for FISA 702 to expire - WBFF - June 16th, 2026 [June 16th, 2026]
SHAREHOLDER ALERT: The M&A Class Action Firm Continues to Investigate the Merger--CZNL, NSA, CNBN, and ESQ - PR Newswire - June 16th, 2026 [June 16th, 2026]
Training, teamwork, and quick action save a life at NSA Philadelphia - MilitaryNews.com - June 12th, 2026 [June 12th, 2026]
NSA Insurance celebrates 100 years of selling a promise on the East End - The Suffolk Times - June 12th, 2026 [June 12th, 2026]
Ex Pakistan NSA Moeed Yusuf says fixing ties with India key to economic revival, regional trade ambitions - ThePrint - June 12th, 2026 [June 12th, 2026]
RSABI's Carol McLaren wins NSA Silver Salver for her work in the industry - The Scottish Farmer - June 12th, 2026 [June 12th, 2026]
Anthropic's Mythos model is reportedly powering NSA offensive cyber ops against China and Iran - the-decoder.com - June 7th, 2026 [June 7th, 2026]
NSA taps three officials for top cybersecurity positions - Nextgov/FCW - June 7th, 2026 [June 7th, 2026]
Anthropic is blacklisted by the Pentagon and being used by the NSA at the same time - TechSpot - June 7th, 2026 [June 7th, 2026]
NSA said to be readying Anthropics Mythos for use in cyber operations - TechCrunch - June 5th, 2026 [June 5th, 2026]
Former NSA John Bolton to plead guilty to retaining classified info - MS NOW - June 5th, 2026 [June 5th, 2026]
Trump executive order on AI gives central role to NSA - Breaking Defense - June 5th, 2026 [June 5th, 2026]
Anthropic Is Helping the NSA Hack China. It Also Wants Everyone to Pause AI - Yahoo - June 5th, 2026 [June 5th, 2026]
NSA using Claude Mythos for 'offensive cyber operations,' report claims says 'half-a-dozen' Anthropic engineers embedded inside the agency - Tom's... - June 5th, 2026 [June 5th, 2026]
NSA selects new leads for key cybersecurity posts - The Record from Recorded Future News - June 5th, 2026 [June 5th, 2026]
NSA Joins CISA and Partners to Release Guidance on Hardening Automatic Tank Gauge Systems - National Security Agency (NSA) (.gov) - June 5th, 2026 [June 5th, 2026]
FT: Anthropic staff helping the NSA use Mythos for offensive cyberattacks - Sherwood News - June 5th, 2026 [June 5th, 2026]
Anthropic Is Helping the NSA Hack China. It Also Wants Everyone to Pause AI - Decrypt - June 5th, 2026 [June 5th, 2026]
Anthropic Embeds Engineers at NSA to Deploy Mythos AI for Offensive Cyber Operations - MLQ.ai - June 5th, 2026 [June 5th, 2026]
The NSA has all the equipment and technology needed to track bandits but lacks the political will to do so -Stephen alleges Watch full interview:... - June 5th, 2026 [June 5th, 2026]
Anthropic aids NSA with Mythos to bolster offensive cyber operations - CHOSUNBIZ - Chosunbiz - June 5th, 2026 [June 5th, 2026]
NSA warns that cybercriminals are targeting this one critical component that the energy, chemical, food, agriculture, and transportation sectors rely... - June 5th, 2026 [June 5th, 2026]
Video | Ex-Trump NSA Adviser Pleads Guilty To Classified Info Leak | Zelenskyy Calls For Meet With Putin - NDTV - June 5th, 2026 [June 5th, 2026]
Former Trump NSA John Bolton to plead guilty over retaining classified documents: Report - WION - June 5th, 2026 [June 5th, 2026]
Anthropics Mythos being used by US NSA for cyber operations FT - Business Post - June 5th, 2026 [June 5th, 2026]
This day, that year: From Robert F. Kennedys assassination to Edward Snowdens NSA revelations how June 5 shaped the world - The Times of India - June 5th, 2026 [June 5th, 2026]
Strengthening the security architecture with NSA and HSA - The Guardian Nigeria News - June 5th, 2026 [June 5th, 2026]
Ex-US NSA Bolton to plead guilty over mishandling classified documents: Report - ANI News - June 5th, 2026 [June 5th, 2026]
The NSA, Mythos and the quiet emergence of AI cyber doctrine - csoonline.com - May 27th, 2026 [May 27th, 2026]
NSA warning on AI automation protocol raises fresh testing concerns for banks - QA Financial - May 27th, 2026 [May 27th, 2026]
Pentagon and NSA Form Joint AI Task Force to Deploy Frontier Hacking Models on Classified Networks - SOFX - May 27th, 2026 [May 27th, 2026]
Marco Rubio meets NSA Doval, discusses defence, security and strategic tech cooperation including TRUST in - The Economic Times - May 27th, 2026 [May 27th, 2026]
Two protesters detained under NSA to appear before advisory board in Lucknow today - The Times of India - May 27th, 2026 [May 27th, 2026]
General Paul M. Nakasone Director National Security Agency and staff carry a wreath to the Memorial Wall. - National Security Agency (NSA) (.gov) - May 20th, 2026 [May 20th, 2026]
NSA scandal: Court admits bank documents between Gifty Oware and ADB - Modern Ghana - May 20th, 2026 [May 20th, 2026]
Wiretapping trial: NSA, ICPC boss acknowledge conversation cited by in El-Rufai TV Interview - Business News Nigeria - May 20th, 2026 [May 20th, 2026]
NSA, ICPC El-Rufais Open Confession in Media Interview Witness Testifies - The Guardian Nigeria News - May 20th, 2026 [May 20th, 2026]
NSA issues strong warning to sports bodies over governance compliance - GhanaWeb - May 20th, 2026 [May 20th, 2026]
Witness: NSA confirmed wiretapped conversation referenced by el-Rufai was authentic - TheCable - May 20th, 2026 [May 20th, 2026]
NSA wiretapping: El Rufai returned to DSS custody, awaits bail - Pointblank News - May 20th, 2026 [May 20th, 2026]
Alleged Security Breach: NSA Confirmed Conversation Referenced By El-Rufai Was Authentic Witness - Channels Television - May 20th, 2026 [May 20th, 2026]
El-Rufai: NSA, ICPC chair confirmed tapped conversation Witness - Punch Newspapers - May 20th, 2026 [May 20th, 2026]
Imran Khan coup: 'US message to Pakistan was clear ...' says Tilak Devasher, frmr NSA board - The Economic Times - May 20th, 2026 [May 20th, 2026]
NSA Lady Saints two wins from claiming seventh consecutive V... - The Suffolk News-Herald - May 16th, 2026 [May 16th, 2026]
The imposition of NSA on Satyam Verma and Aakriti Chaudhary is a conspiracy to keep them in jail - Countercurrents - May 16th, 2026 [May 16th, 2026]
'No Sailor Lives Afloat' Initiative: NSA Naples Moves 54 Sailors from Shipboard Berthing to Shore - DVIDS - May 16th, 2026 [May 16th, 2026]
Workers protest: Day after invoking NSA, police say 1 cr transactions found in banks accounts of one accused | Hindustan Times - Hindustan Times - May 16th, 2026 [May 16th, 2026]
Press Club of India urges Uttar Pradesh govt. to withdraw NSA against journalist Satyam Verma - The Hindu - May 16th, 2026 [May 16th, 2026]
Uttar Pradesh police invoke NSA against two accused held during workers protest in Noida - The Hindu - May 16th, 2026 [May 16th, 2026]
Illegal Mining: FG Hands Over Foreign Terror Suspects To NSA - Channels Television - May 16th, 2026 [May 16th, 2026]
Noida Violence: NSA invoked against Satyam Verma and Aakriti Choudhary over alleged role in labour protest - Organiser - May 16th, 2026 [May 16th, 2026]
NSA invoked against two accused in Noida labour unrest case - Awaz The Voice - May 16th, 2026 [May 16th, 2026]
NSA invoked against two in April 13 workers stir in Noida - The New Indian Express - May 16th, 2026 [May 16th, 2026]
Homeland Security: Replace NSA Ribadu if you lack confidence in him ADC to Tinubu - Daily Post Nigeria - May 16th, 2026 [May 16th, 2026]
NSA sweeps Cape Henry for TCIS baseball and softball titles - The Suffolk News-Herald - May 9th, 2026 [May 9th, 2026]
News - NSA Naples Sailor Named Navy Military Fire Officer of the Year - DVIDS - May 9th, 2026 [May 9th, 2026]
Bergen's solo homerun lifts NSA into the TCIS Final - The Suffolk News-Herald - May 9th, 2026 [May 9th, 2026]
NSA members bring sheep farming into the classroom - Farmers Guardian - May 9th, 2026 [May 9th, 2026]
Amritpals mother confronts Mann: His NSA over, why arent you bringing him to Punjab? - The Indian Express - May 9th, 2026 [May 9th, 2026]
They Said They Were From NSA Ribadus Office, Seized My Husband In Abuja Hotel: Woman Cries Out Over Alleged Disappearance - Sahara Reporters - May 9th, 2026 [May 9th, 2026]
NSA Ajit Doval, Vietnam President discuss strengthening strategic partnership - The Sentinel - of this Land, for its People - May 9th, 2026 [May 9th, 2026]
Cyber Command, NSA chief warns foreign adversaries likely to target midterms - The Record from Recorded Future News - April 29th, 2026 [April 29th, 2026]
CISA flags data-theft bug in NSA-built OT networking tool - theregister.com - April 29th, 2026 [April 29th, 2026]
Decades-old pre-Stuxnet cyber sabotage tool breaks cover, NSA listed it as 'nothing to see here' fast16 targeted nuclear reactors, dam design, and... - April 29th, 2026 [April 29th, 2026]
The NSA Just Warned Everyone to Reboot Their Routers What to Do Right Now - National Cybersecurity Alliance - April 29th, 2026 [April 29th, 2026]
Former NSA Science Chief Warns Humanity May Be Missing Something 'Huge' About UFO Phenomena - International Business Times UK - April 29th, 2026 [April 29th, 2026]
Court rejects bid to halt trial of former NSA Deputy CEO - Ghanaian Times - April 29th, 2026 [April 29th, 2026]
The NSA: SLs missing link on the geopolitical stage - The Morning - April 29th, 2026 [April 29th, 2026]
Farmers seeking new pastures urged to try NSA's Graziers List - Craven Herald - April 29th, 2026 [April 29th, 2026]
Punjab Police takes Amritpal on 2-day remand following expiry of NSA detention - ThePrint - April 29th, 2026 [April 29th, 2026]
Report: NSA is currently using Anthropics unreleased Mythos model - Sherwood News - April 23rd, 2026 [April 23rd, 2026]
FBI And NSA Warnings IgnoredNo Fix For Millions Of Phones - Forbes - April 23rd, 2026 [April 23rd, 2026]
NSA Uses AI Mythos Even Though Anthropic is Blacklisted by the Pentagon - VOI.ID - April 23rd, 2026 [April 23rd, 2026]
NSA Running Blacklisted Anthropic AI: Warning for UK Banks - Disruption Banking - April 23rd, 2026 [April 23rd, 2026]
Amritpal Singh Taken into Punjab Police Custody After NSA Detention Ends in Dibrugarh - The Sentinel - of this Land, for its People - April 23rd, 2026 [April 23rd, 2026]
Cybersecurity, Claude Mythos, is Anthropic's model in the hands of the Nsa? - Il Sole 24 ORE - April 23rd, 2026 [April 23rd, 2026]
NSA Doval Meets Top Saudi Leaders, Focus On Security And Energy - The Times of India - April 23rd, 2026 [April 23rd, 2026]
NSA: stereotyping, ethnic profiling can weaken intelligence gathering - The Nation Newspaper - April 7th, 2026 [April 7th, 2026]

June 14th, 2017

No comments yet

Comments are closed.

Mediaboss Marketing

Rare XP Patches Fix Three Remaining Leaked NSA Exploits – Threatpost

About

Pages

Categories

Media Sites

Recommended Sites

Archives