This past Valentine's Day happened to fall on what is affectionately known in the IT industry as “Patch Tuesday,” the day of Microsoft's monthly software update. However, Microsoft delayed the routine updates, for the first time in over 13 years, citing an unspecified “last minute issue.” The updates resumed in March but were unusually large and included fixes for a number of critical vulnerabilities. Several of these vulnerabilities proved quite interesting weeks later.
On April 14th, a hacker group known by the alias The Shadow Brokers released a treasure trove of secrets, including hacking tools, or “exploits,” allegedly developed by the National Security Agency (NSA). The exploits include stealthy techniques for compromising Microsoft Windows computers. The Shadow Brokers had failed to auction the hacking tools for the outrageous asking price of 1 Million Bitcoins ($568 Million USD). The tools are now being actively used “in the wild” by cyber criminals.
The cybersecurity research team BinaryEdge used a detection script to report the total number of computers globally infected by an exploit named DOUBLEPULSAR. BinaryEdge reported that over 100,000 computers were infected just one week after the exploits were released. Six days later the total climbed above 400,000 infections. An estimated 5.5 Million computers with a publicly facing port 445 are potentially at risk of compromise by this exploit.
Microsoft's March update included vulnerability fixes that countered four of the exploits. Microsoft stated that the remaining exploits had been patched in previous updates for supported operating systems. For those four exploits, Microsoft did not acknowledge the source of the security flaw reports, although it is common practice to credit whoever reports a vulnerability. The Patch Tuesday delay in February, the timing of the patch updates just prior to the exploit release, and the lack of attribution suggest that Microsoft may have received a tip regarding the vulnerabilities.
Businesses and private computer owners are strongly advised to apply Windows updates at the earliest opportunity. Legacy operating systems, including Windows XP and Windows Server 2003, are no longer supported and will thus remain vulnerable to these exploits until they are replaced. Consider upgrading legacy operating systems as soon as possible.