Shadow Brokers Release Multiple Windows Exploit Tools

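On April 14, 2017 (Beijing time), Shadow Brokers released multiple Windows exploit tools, including several Windows remote exploitation tools. Besides Microsoft Windows, the affected products include: IBM Lotus Notes, MDaemon, EPICHERO Avaya Call Server, and IMail.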


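Note for Windows users: there is no need to panic as long as patches have been applied promptly. Microsoft had already released official patches for most of the attack methods published by Shadow Brokers, and the few remaining 0-days target only outdated operating systems (Windows 2000/XP/2003/Vista).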


Download: https://github.com/misterch0c/shadowbroker/

Below is the list of exploit tools it contains:

Exploits

  • EARLYSHOVEL RedHat 7.0 - 7.1 Sendmail 8.11.x exploit

  • EBBISLAND (EBBSHAVE) root RCE via RPC XDR overflow in Solaris 6, 7, 8, 9 & 10 (possibly newer) both SPARC and x86.

  • ECHOWRECKER remote Samba 3.0.x Linux exploit.

  • EASYBEE appears to be an MDaemon email server vulnerability

  • EASYPI is an IBM Lotus Notes exploit that gets detected as Stuxnet

  • EWOKFRENZY is an exploit for IBM Lotus Domino 6.5.4 & 7.0.2

  • EXPLODINGCAN is an IIS 6.0 exploit that creates a remote backdoor

  • ETERNALROMANCE is a SMB1 exploit over TCP port 445 which targets XP, 2003, Vista, 7, Windows 8, 2008, 2008 R2, and gives SYSTEM privileges

  • EDUCATEDSCHOLAR is a SMB exploit

  • EMERALDTHREAD is a SMB exploit for Windows XP and Server 2003

  • EMPHASISMINE is a remote IMAP exploit for IBM Lotus

  • ENGLISHMANSDENTIST sets Outlook Exchange WebAccess rules to trigger executable code on the client's side to send an email to other users

  • EPICHERO 0-day exploit (RCE) for Avaya Call Server

  • ERRATICGOPHER is a SMBv1 exploit targeting Windows XP and Server 2003

  • ETERNALSYNERGY is a SMBv3 remote code execution flaw for Windows 8 and Server 2012 SP0

  • ETERNALBLUE is a SMBv2 exploit for Windows 7 SP1

  • ETERNALCHAMPION is a SMBv1 exploit

  • ESKIMOROLL is a Kerberos exploit targeting 2000, 2003, 2008 and 2008 R2 domain controllers

  • ESTEEMAUDIT is an RDP exploit and backdoor for Windows Server 2003

  • ECLIPSEDWING is an RCE exploit for the Server service in Windows Server 2008 and later

  • ETRE is an exploit for IMail 8.10 to 8.22

  • FUZZBUNCH is an exploit framework, similar to Metasploit

  • ODDJOB is an implant builder and C&C server that can deliver exploits for Windows 2000 and later, also not detected by any AV vendors

  • PASSFREELY utility which "Bypasses authentication for Oracle servers"


Remediation advice (or mitigations):


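Microsoft has released patches for all of the attacks above, so users only need to patch promptly. The table below maps each exploit to its patch: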



Code Name          Solution
EternalBlue        Addressed by MS17-010
EmeraldThread      Addressed by MS10-061
EternalChampion    Addressed by CVE-2017-0146 & CVE-2017-0147
ErraticGopher      Addressed prior to the release of Windows Vista
EskimoRoll         Addressed by MS14-068
EternalRomance     Addressed by MS17-010
EducatedScholar    Addressed by MS09-050
EternalSynergy     Addressed by MS17-010
EclipsedWing       Addressed by MS08-067

Table source: https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/


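“EnglishmanDentist”, “EsteemAudit”, and “ExplodingCan”: the operating systems affected by these three exploits are so old that they are long past Microsoft's support lifecycle, so Microsoft recommends that users install and deploy the latest operating system.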


Users may also choose to use 深空 (Shenkong) network communication encryption products.