Microsoft releases patches for exploits used by NSA’s hacking tools

Microsoft has released patches for the 3 more vulnerabilities, which were found in the exploit tools created by NSA and subsequently released by ShadowBrokers.

Last month, WannaCry Ransomware used one of the exploit code-named EternalBlue by NSA, was already patched by Microsoft in the month of March.Even though patch was issued, there were many who didn’t patch their systems and allowed WannaCry to take control of their systems and encrypt their data.

Considering the fact that WannaCry affected many of the systems worldwide, users and system administrators should patch their XP and Windows 2003 Server systems immediately.

NSA Hacking Tool Exploit CVE Patch Download Link
“EnglishmanDentist” CVE-2017-8487 https://support.microsoft.com/en-us/help/4025218/security-update-for-windows-xp-and-windows-server-2003
“EsteemAudit” CVE-2017-0176 https://support.microsoft.com/en-us/help/4022747/security-update-for-windows-xp-and-windows-server-2003
“ExplodingCan” CVE-2017-7269 https://support.microsoft.com/en-us/help/3197835/description-of-the-security-update-for-windows-xp-and-windows-server
“ErraticGopher” CVE-2017-8461 https://support.microsoft.com/en-us/help/4024323/security-update-of-windows-xp-and-windows-server-2003

Microsoft has also released some additional patches for XP and 2003 Servers, all the end-users who are using older versions of Microsoft Windows should visit this link to download the patches made available fopr the additional vulnerabilities not covered in here.

https://support.microsoft.com/en-us/help/4025687/microsoft-security-advisory-4025685-guidance-for-older-platforms

Previously, Microsoft had issued patches for the below mentioned hacking tools developed by NSA

NSA hacking Tool Patch Information Download Link
“EternalBlue” MS17-010 https://technet.microsoft.com/
library/security/ms17-010.aspx
“EmeraldThread” MS10-061 https://technet.microsoft.com/
library/security/ms10-061
“EternalChampion” CVE-2017-0146 & CVE-2017-0147 A: https://portal.msrc.microsoft.c
om/en-US/security-guidance/
advisory/CVE-2017-0146
B: https://portal.msrc.microsoft.c
om/en-US/security-guidance/
advisory/CVE-2017-0147
“EsikmoRoll” MS14-068 https://technet.microsoft.com/
library/security/ms14-068.aspx
“EternalRomance” MS17-010 https://technet.microsoft.com/
library/security/ms17-010.aspx
“EducatedScholar” MS09-050 https://technet.microsoft.com/
library/security/ms09-050
“EternalSynergy” MS17-010 https://technet.microsoft.com/
library/security/ms17-010.aspx
“EclipsedWing” MS08-067 https://technet.microsoft.com/
en-us/library/security/
ms08-067.aspx

eScan users are protected by eScan’s proactive critical patch management, which checks the endpoints for missing patches on the OS by matching the installed patches with the released patch list. The missing critical Windows update patches are then downloaded and installed on the computer where eScan is running. The above mentioned patches have been added to eScan’s Critical Patch Management Database and would be available to all our customers.

This entry was posted in eScan 11, eScan 14, MailScan, Security and tagged , , , , , , , , , , , , . Bookmark the permalink.