Security
Headlines
HeadlinesLatestCVEs

Headline

Protecting customers and evaluating risk

Today, Microsoft triaged a large release of exploits made publicly available by Shadow Brokers. Understandingly, customers have expressed concerns around the risk this disclosure potentially creates. Our engineers have investigated the disclosed exploits, and most of the exploits are already patched. Below is our update on the investigation. When a potential vulnerability is reported to Microsoft, either from an internal or external source, the Microsoft Security Response Center (MSRC) kicks off an immediate and thorough investigation.

msrc-blog
#vulnerability#windows#microsoft#git

Today, Microsoft triaged a large release of exploits made publicly available by Shadow Brokers. Understandingly, customers have expressed concerns around the risk this disclosure potentially creates. Our engineers have investigated the disclosed exploits, and most of the exploits are already patched. Below is our update on the investigation.

When a potential vulnerability is reported to Microsoft, either from an internal or external source, the Microsoft Security Response Center (MSRC) kicks off an immediate and thorough investigation. We work to swiftly validate the claim and make sure legitimate, unresolved vulnerabilities that put customers at risk are fixed. Once validated, engineering teams prioritize fixing the reported issue as soon as possible, taking into consideration the time to fix it across any impacted product or service, as well as versions, the potential threat to customers, and the likelihood of exploitation.

Most of the exploits that were disclosed fall into vulnerabilities that are already patched in our supported products. Below is a list of exploits that are confirmed as already addressed by an update. We encourage customers to ensure their computers are up-to-date.

Code Name

Solution

EternalBlue

Addressed by MS17-010

EmeraldThread

Addressed by MS10-061

EternalChampion

Addressed by MS17-010

“ErraticGopher”

Addressed prior to the release of Windows Vista. CVE-2017-8461

EsikmoRoll

Addressed by MS14-068

EternalRomance

Addressed by MS17-010

EducatedScholar

Addressed by MS09-050

EternalSynergy

Addressed by MS17-010

EclipsedWing

Addressed by MS08-067

Of the three remaining exploits, “ EnglishmanDentist ”(CVE-2017-8487), “ EsteemAudit ” CVE-2017-0176), and “ ExplodingCan ” (CVE-2017-7269), none reproduces on supported platforms, which means that customers running Windows 7 and more recent versions of Windows or Exchange 2010 and newer versions of Exchange are not at risk. Customers still running prior versions of these products are encouraged to upgrade to a supported offering.

We have long supported coordinated vulnerability disclosure as the most effective means to ensure customers and the computing ecosystem remains protected. This collaborative approach enables us to fully understand an issue and to deliver protection before customers are at risk due to public disclosure of attack methods. We work closely with security researchers worldwide who privately report concerns to us at [email protected]. We also offer bug bounties for many reported vulnerabilities to help encourage researchers to disclose responsibly.

Phillip Misner, ** Principal Security Group Manager ** Microsoft Security Response Center

Update June 13, 2017: Updates were made to this blog today in order to provide CVE numbers for additional updates released as part of June 2017 Update Tuesday release. For more information on this release, visit the MSRC blog “June 2017 security update release.”

Related news

EnglishmansDentist Exploit Analysis

Introduction Introduction We are continuing our series of blog posts dissecting the exploits released by ShadowBrokers in April 2017. After the first two posts about the SMB exploits known as EternalChampion and EternalSynergy, we’ll move this time to analyze a different tool and we’ll focus on the exploit named EnglishmansDentist designed to target Exchange Server 2003.

msrc-blog: Latest News

Securing AI and Cloud with the Zero Day Quest