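On April 14, 2017 (Beijing time), the Shadow Brokers released a number of Windows exploitation tools, including several remote exploits for Windows. Besides Microsoft Windows, the affected products include IBM Lotus Notes, MDaemon, EPICHERO Avaya Call Server, and IMail.
Note for Windows users: there is no need to panic as long as patches have been applied promptly. Microsoft had already released official patches for most of the attack methods published by the Shadow Brokers, and the few 0-days that remain target old operating systems (Windows 2000/XP/2003/Vista).
Download: https://github.com/misterch0c/shadowbroker/
Below is the list of exploit tools it contains: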
EARLYSHOVEL RedHat 7.0 - 7.1 Sendmail 8.11.x exploit
EBBISLAND (EBBSHAVE) root RCE via RPC XDR overflow in Solaris 6, 7, 8, 9 & 10 (possibly newer) both SPARC and x86.
ECHOWRECKER remote Samba 3.0.x Linux exploit.
EASYBEE appears to be an MDaemon email server vulnerability
EASYPI is an IBM Lotus Notes exploit that gets detected as Stuxnet
EWOKFRENZY is an exploit for IBM Lotus Domino 6.5.4 & 7.0.2
EXPLODINGCAN is an IIS 6.0 exploit that creates a remote backdoor
ETERNALROMANCE is a SMB1 exploit over TCP port 445 which targets XP, 2003, Vista, 7, Windows 8, 2008, 2008 R2, and gives SYSTEM privileges
EDUCATEDSCHOLAR is a SMB exploit
EMERALDTHREAD is a SMB exploit for Windows XP and Server 2003
EMPHASISMINE is a remote IMAP exploit for IBM Lotus
ENGLISHMANSDENTIST sets Outlook Exchange WebAccess rules to trigger executable code on the client's side to send an email to other users
EPICHERO 0-day exploit (RCE) for Avaya Call Server
ERRATICGOPHER is a SMBv1 exploit targeting Windows XP and Server 2003
ETERNALSYNERGY is a SMBv3 remote code execution flaw for Windows 8 and Server 2012 SP0
ETERNALBLUE is a SMBv2 exploit for Windows 7 SP1
ETERNALCHAMPION is a SMBv1 exploit
ESKIMOROLL is a Kerberos exploit targeting 2000, 2003, 2008 and 2008 R2 domain controllers
ESTEEMAUDIT is an RDP exploit and backdoor for Windows Server 2003
ECLIPSEDWING is an RCE exploit for the Server service in Windows Server 2008 and later
ETRE is an exploit for IMail 8.10 to 8.22
FUZZBUNCH is an exploit framework, similar to Metasploit
ODDJOB is an implant builder and C&C server that can deliver exploits for Windows 2000 and later, also not detected by any AV vendors
PASSFREELY utility which "Bypasses authentication for Oracle servers"
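Remediation advice (or mitigations):
Microsoft has released patches for all of the above attacks; users only need to apply them promptly. The following table maps each exploit to its patch: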
| Code Name | Solution |
| --- | --- |
| “EternalBlue” | Addressed by MS17-010 |
| “EmeraldThread” | Addressed by MS10-061 |
| “EternalChampion” | Addressed by CVE-2017-0146 & CVE-2017-0147 |
| “ErraticGopher” | Addressed prior to the release of Windows Vista |
| “EskimoRoll” | Addressed by MS14-068 |
| “EternalRomance” | Addressed by MS17-010 |
| “EducatedScholar” | Addressed by MS09-050 |
| “EternalSynergy” | Addressed by MS17-010 |
| “EclipsedWing” | Addressed by MS08-067 |
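Table source: https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/
“EnglishmanDentist”, “EsteemAudit”, and “ExplodingCan”: the operating systems affected by these three exploits are so old that they are long past Microsoft's support lifecycle, so Microsoft recommends that users install and deploy the latest operating system.
Users may also choose to use 深空 network communication encryption products.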