Microsoft has released patches for the 3 more vulnerabilities, which were found in the exploit tools created by NSA and subsequently released by ShadowBrokers.
Last month, WannaCry Ransomware used one of the exploit code-named EternalBlue by NSA, was already patched by Microsoft in the month of March.Even though patch was issued, there were many who didn’t patch their systems and allowed WannaCry to take control of their systems and encrypt their data.
Considering the fact that WannaCry affected many of the systems worldwide, users and system administrators should patch their XP and Windows 2003 Server systems immediately.
| NSA Hacking Tool | Exploit CVE | Patch Download Link |
| “EnglishmanDentist” | CVE-2017-8487 | https://support.microsoft.com/en-us/help/4025218/security-update-for-windows-xp-and-windows-server-2003 |
| “EsteemAudit” | CVE-2017-0176 | https://support.microsoft.com/en-us/help/4022747/security-update-for-windows-xp-and-windows-server-2003 |
| “ExplodingCan” | CVE-2017-7269 | https://support.microsoft.com/en-us/help/3197835/description-of-the-security-update-for-windows-xp-and-windows-server |
| “ErraticGopher” | CVE-2017-8461 | https://support.microsoft.com/en-us/help/4024323/security-update-of-windows-xp-and-windows-server-2003 |
Microsoft has also released some additional patches for XP and 2003 Servers, all the end-users who are using older versions of Microsoft Windows should visit this link to download the patches made available fopr the additional vulnerabilities not covered in here.
Previously, Microsoft had issued patches for the below mentioned hacking tools developed by NSA
| NSA hacking Tool | Patch Information | Download Link |
| “EternalBlue” | MS17-010 | https://technet.microsoft.com/ library/security/ms17-010.aspx |
| “EmeraldThread” | MS10-061 | https://technet.microsoft.com/ library/security/ms10-061 |
| “EternalChampion” | CVE-2017-0146 & CVE-2017-0147 | A: https://portal.msrc.microsoft.c om/en-US/security-guidance/ advisory/CVE-2017-0146 |
| B: https://portal.msrc.microsoft.c om/en-US/security-guidance/ advisory/CVE-2017-0147 |
||
| “EsikmoRoll” | MS14-068 | https://technet.microsoft.com/ library/security/ms14-068.aspx |
| “EternalRomance” | MS17-010 | https://technet.microsoft.com/ library/security/ms17-010.aspx |
| “EducatedScholar” | MS09-050 | https://technet.microsoft.com/ library/security/ms09-050 |
| “EternalSynergy” | MS17-010 | https://technet.microsoft.com/ library/security/ms17-010.aspx |
| “EclipsedWing” | MS08-067 | https://technet.microsoft.com/ en-us/library/security/ ms08-067.aspx |
eScan users are protected by eScan’s proactive critical patch management, which checks the endpoints for missing patches on the OS by matching the installed patches with the released patch list. The missing critical Windows update patches are then downloaded and installed on the computer where eScan is running. The above mentioned patches have been added to eScan’s Critical Patch Management Database and would be available to all our customers.
