Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Windows XP Receives Patches for More ‘Shadow Brokers’ Exploits

Microsoft has released patches for Windows XP and other outdated versions of the operating system to fix several critical vulnerabilities that are at heightened risk of being exploited by state-sponsored actors and other threat groups.

Microsoft has released patches for Windows XP and other outdated versions of the operating system to fix several critical vulnerabilities that are at heightened risk of being exploited by state-sponsored actors and other threat groups.

The tech giant informed customers in mid-April that a series of exploits leaked by the group known as Shadow Brokers, which allegedly obtained the files from the NSA-linked Equation Group, had been patched in supported versions of Windows with the March security updates. According to some reports, the NSA itself disclosed these flaws to Microsoft following the Shadow Brokers leaks.

Roughly one month later, following the WannaCry ransomware attacks that hit hundreds of thousands of systems across the world, Microsoft decided to fix the SMB vulnerability leveraged by WannaCry in Windows platforms under custom support agreements.

The company has now decided to release more patches for these versions, including Windows XP, Windows Vista, Windows 8 and Windows Server 2003, to address other vulnerabilities that are at elevated risk of exploitation “due to past nation-state activity and disclosures.”

The list of patched flaws includes ones leveraged by three other exploits leaked by Shadow Brokers, namely EnglishmanDentist (CVE-2017-8487), EsteemAudit (CVE-2017-0176) and ExplodingCan (CVE-2017-7269).

Both supported and unsupported versions of Windows also received patches on Tuesday for two vulnerabilities, CVE-2017-8464 and CVE-2017-8543, that have been exploited in attacks by unnamed threat actors.

The list of older vulnerabilities that have now been fixed in outdated versions of Windows also includes remote code executions described in the MS17-013 bulletin, an Internet Explorer memory corruption (CVE-2017-0222), several Windows SMB flaws (CVE-2017-0267 – CVE-2017-0280), an actively exploited IIS buffer overflow (CVE-2017-7269), a Windows privilege escalation issue (CVE-2017-8552), and an actively exploited Windows olecnv32.dll RCE (CVE-2017-8487).

“Our decision today to release these security updates for platforms not in extended support should not be viewed as a departure from our standard servicing policies. Based on an assessment of the current threat landscape by our security engineers, we made the decision to make updates available more broadly,” said Eric Doerr, General Manager of the Microsoft Security Response Center.

Advertisement. Scroll to continue reading.

“As always, we recommend customers upgrade to the latest platforms. The best protection is to be on a modern, up-to-date system that incorporates the latest defense-in-depth innovations. Older systems, even if fully up-to-date, lack the latest security features and advancements,” Doerr added.

Related: Microsoft Patches Several Malware Protection Engine Flaws

Related: Microsoft Warns Governments Against Exploit Stockpiling

Related: Crowdfunding for Acquiring Shadow Brokers Exploits Canceled

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...