Hacking tools were stolen from NSA - Almost all Windows affected

HippsieGypsie said:

Wow, @simrick. You've been busy. Impressive list you made!

So what do we do about all this?

I didn't make the list - it's copied from BleepingComputer's article on it.

Apparently, they've been released specifically for this weekend, when people will be home for the Easter Holiday, using their computers alot, and business computers will be left unattended (easy prey on both parts). So they expect high hacking activity over this weekend.

I've also read that some of these are not even detectable using VirusTotal.com scanning tool. This is serious stuff: nation-state-grade hacking tools out in the wild, many of them 0-day exploits. I've warned my friends to get their images done before turning in for the night, and stay off the NET over the weekend as much as possible. Until we know more, what else can we do? I am concerned about disruptions to municipalities (water/electricity, etc.); I mean, look what just happened in Dallas the other day - someone hacked into the tornado siren system and set all 156 sirens off.

Very disturbing news indeed!

Cheers

HippsieGypsie said:

Wow, @simrick. You've been busy. Impressive list you made!

So what do we do about all this?

Stay extra careful who you trust and what to click. And be prepare to change you online passwords. No need to do it now, ...

Steve C said:

I don't expect any action from MS any time soon. They can't even update Windows without creating major problems.

MS responded to Softpedia article (or somewhere) and I think they'll provide some fixes. Hope it'll be quick enough...

I like ENGLISHMANSDENTIST lol

WinBeta reported that MS responded and some security fixes are available...



Update: here is direct link to MS blog article with the list of security fixes..

Based on the comprehensive leaked list posted over at BleepingComputer, it appears that MS have only addressed the ones they have an acceptable answer for; many still remain unanswered, and therefore active vulnerabilities:

EASYBEE appears to be an MDaemon email server vulnerability [source, source, source]

EASYPI is an IBM Lotus Notes exploit [source, source] that gets detected as Stuxnet [source]

EWOKFRENZY is an exploit for IBM Lotus Domino 6.5.4 to 7.0.2 [source, source]

EXPLODINGCAN is an IIS 6.0 exploit that creates a remote backdoor [source, source]

EMPHASISMINE is a remote IMAP exploit for IBM Lotus Domino [source, source]

ENGLISHMANSDENTIST sets Outlook Exchange WebAccess rules to trigger executable code on the client's side to send an email to other users [source, source]

ERRATICGOPHER is a SMBv1 exploit targeting Windows XP and Server 2003 [source, source]
Addressed prior to the release of Windows Vista

ETRE is an exploit for IMail 8.10 to 8.22 [source]

FUZZBUNCH is an exploit framework, similar to MetaSploit [source, source], which was also part of the December-January "Windows Tools" Shadow Brokers auction [source]

DOUBLEPULSAR is a RING-0 multi-version kernel mode payload [source]
EquationGroup had scripts that could scrape Oracle databases for SWIFT data [source, source]

ODDJOB is an implant builder and C&C server that can deliver exploits for Windows 2000 and later [source, source], also not detected by any AV vendors [source]