Educause Security Discussion mailing list archives
Re: ShadowBrokers dump of NSA Equation Group Files
From: Steven Alexander <steven.alexander () KCCD EDU>
Date: Sat, 15 Apr 2017 16:56:35 +0000
Good news: If you're patched up to date and not still using Windows 2003 anywhere, you're probably okay. Despite stating otherwise (probably because they had to), it appears that Microsoft got a heads-up on this and fixed the SMB vulnerabilities in a patch described in Security Bulletin MS17-010.

The IIS and RDP exploits for Win 2003 will not be fixed and the SMB patches are not available for 2003, so Win 2003 (and XP) should be considered dead at this point. For 2008 and up, you just need to be patched up to date. The reports yesterday were that the SMB exploits worked on fully-patched Windows 7, but that appears to have been incorrect.

https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/

Steven Alexander
Director of IT Security
Kern Community College District

________________________________________
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of Steven Alexander [steven.alexander () KCCD EDU]
Sent: Friday, April 14, 2017 9:07 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] ShadowBrokers dump of NSA Equation Group Files

+1 for the Twitter feeds you listed, HackerFantastic in particular.

In addition to the older IIS exploit, there are exploits for Remote Desktop and SMB. Basically anything up to Server 2012 is vulnerable. Presumably we'll see some patches coming from Microsoft in the not-too-distant future, but any Windows 2003 Servers, or Windows XP/Vista desktops are not supposed to get security updates from Microsoft.

I realize I'm preaching to the choir, but now would be a great time to put other projects on hold long enough to retire those systems that are still hanging around your network. If you have any IIS 6.0 servers on the Internet, this dump (plus the exploit from ~2 weeks ago) should provide the justification you need to insist on taking them down now. Hopefully you're not exposing RDP or SMB.

Good luck everyone.

Steven Alexander
Director of IT Security
Kern Community College District

________________________________
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of Seiwert, Matt [Matt.Seiwert () WICHITA EDU]
Sent: Friday, April 14, 2017 12:01 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] ShadowBrokers dump of NSA Equation Group Files

Hello. If you haven't already seen this in the news, the ShadowBrokers group has released the collection of NSA Windows exploits they claimed to have obtained. Various members of the information security community have already verified that this dump is legitimate. This dump has given a toolbox of ready-to-use exploits to anyone who wishes to download them now. Many of the tools target older versions of Windows and IIS, but many institutions still have world-facing services that fall into the affected scope. I wanted to bring this to everyone's attention in case anyone had missed it.

Reference:

Shadow Brokers Dump Alleged Windows Exploits and NSA Presentations on Targeting Banks:
https://motherboard.vice.com/en_us/article/shadow-brokers-dump-alleged-windows-exploits-and-nsa-presentations-on-targeting-banks

NSA-leaking Shadow Brokers just dumped its most damaging release yet:
https://arstechnica.com/security/2017/04/nsa-leaking-shadow-brokers-just-dumped-its-most-damaging-release-yet/

Key analysts working on evaluation of these files:
https://twitter.com/GossiTheDog
https://twitter.com/x0rz
https://twitter.com/hackerfantastic

Thank you.

Matt

|| Matt Seiwert – IT Security Team – 316-978-3049 – matt.seiwert () wichita edu ||