Hacking tools were stolen from NSA - Almost all Windows affected

Hackers group have posted online a set of tools for hacking Windows operating systems. Most of them was designed for older Windows up to 8.1, but some of them can be also used for gaining access to Windows 10.

Tools were stolen from NSA last summer, but now they were posted online and available to almost anybody.

No way to remain protected
Security experts warn that with the hacking tools now available online, the number of attacks aimed at Windows systems is very likely to skyrocket during the weekend, especially because newbie hackers have more time to launch their attacks, while at the same time being able to find victims easily because users spend more time online on their days off.
Edward Snowden has also confirmed the leak, explaining that “this is not a drill, NSA exploits affecting many fully-patched Windows systems have been released to the wild. NSA did not warn Microsoft.”
As for ways to remain protected until Microsoft delivers patches, there’s really no hackerproof solution right now, other than running Windows 10, though there’s evidence that this operating system version can be hijacked as well. Security experts recommend to keep critical systems offline for a few days, at least until after the weekend, but it’s very clear this isn’t the most convenient solution right now.
We’ve contacted Microsoft to ask for more information on this leak and we’ll update the article when an answer is offered.
UPDATE: Microsoft has provided us with the following statement: "We are reviewing the report and will take the necessary actions to protect our customers."

Read more on Softpedia: nsa-s-windows-hacking-tools-leaked-millions-of-users-exposed

Update: WinBeta (onMSFT) reports that some vulnerabilities are fixed and provides links to security fixes on MS site..

Update 2: Here is link to MS Blog article with security fixes

Thanks for posting this. Great, just great. My "workload" just increased exponentially by Domegemegrottebytes.

ChaChaLaBoom said:

and who did the nsa steal the hacking tools from in the first place?

The NSA develop them.

This is crazy.

Leaked NSA Malware Threatens Windows Users Around the World

“I don’t think I have ever seen so much exploits and 0day [exploits] released at one time in my entire life,” ... “and I have been involved in computer hacking and security for 20 years.”

“This is as big as it gets,” ... “Nation-state attack tools are now in the hands of anyone who cares to download them…it’s literally a cyberweapon for hacking into computers…people will be using these attacks for years to come.”

HippsieGypsie said:

It's beyond crazy. It's absolutely ludicrous. Wonder if MS is doing anything about this.

Well, nothing has been done by MS since last August, when this stuff was stolen.

Shadow Brokers Release New Files Revealing Windows Exploits, SWIFT Attacks

Summary

EASYBEE appears to be an MDaemon email server vulnerability [source, source, source]
EASYPI is an IBM Lotus Notes exploit [source, source] that gets detected as Stuxnet [source]
EWOKFRENZY is an exploit for IBM Lotus Domino 6.5.4 to 7.0.2 [source, source]
EXPLODINGCAN is an IIS 6.0 exploit that creates a remote backdoor [source, source]
ETERNALROMANCE is a SMB1 exploit over TCP port 445 which targets XP, 2003, Vista, 7, Windows 8, 2008, 2008 R2, and gives SYSTEM privileges [source, source]
EDUCATEDSCHOLAR is a SMB exploit [source, source]
EMERALDTHREAD is a SMB exploit for Windows XP and Server 2003 [source, source]
EMPHASISMINE is a remote IMAP exploit for IBM Lotus Domino [source, source]
ENGLISHMANSDENTIST sets Outlook Exchange WebAccess rules to trigger executable code on the client's side to send an email to other users [source, source]
ERRATICGOPHER is a SMBv1 exploit targeting Windows XP and Server 2003 [source, source]
ETERNALSYNERGY is a SMBv3 remote code execution flaw for Windows 8 and Server 2012 [source, source, source]
ETERNALBLUE is a SMBv2 exploit [source] that also works on Windows 10, even if it wasn't designed to [source]
ETERNALCHAMPION is a SMBv1 exploit [source]
ESKIMOROLL is a Kerberos exploit targeting 2000, 2003, 2008 and 2008 R2 domain controllers [source, source]
ESTEEMAUDIT is an RDP exploit and backdoor for Windows Server 2003 [source, source]
ECLIPSEDWING is an RCE exploit for the Server service in Windows Server 2008 and later [source, source]
ETRE is an exploit for IMail 8.10 to 8.22 [source]
FUZZBUNCH is an exploit framework, similar to MetaSploit [source, source], which was also part of the December-January "Windows Tools" Shadow Brokers auction [source]
DOUBLEPULSAR is a RING-0 multi-version kernel mode payload [source]
EquationGroup had scripts that could scrape Oracle databases for SWIFT data [source, source]
ODDJOB is an implant builder and C&C server that can deliver exploits for Windows 2000 and later [source, source], also not detected by any AV vendors [source]
Metadata [possibly faked, possibly real] links NSA to Equation Group [source]
NSA used TrueCrypt for storing operation notes [source]
Some of the Windows exploits released today were undetectable on VirusTotal [source]
Some EquationGroup humor in the oddjob instructions manual [source, source]
JEEPFLEA_MARKET appears to be an operation for collecting data from several banks around the world [source], previously linked to the NSA by Snowden [source, source]
The Equation Group targeted EastNets, a SWIFT connectivity provider [source, source, source, source, source]