The hacking organization The Shadow Brokers has uncovered a vulnerability on the Internet that was used as a cyber weapon by hacking National Security Agency (NSA), the US intelligence agency. This is a much higher risk than the security vulnerabilities disclosed last year by the Italian hacking team. Hackers have launched a cyber attack using the vulnerability.
Rapid security updates can help minimize damage. At the time of initial public release, it was zero day without security method, but Microsoft released a patch.
Shadow Brokers has recently released links and passwords to download attack tools. Windows hacking tools were included in the released files. The attack tool image using the vulnerability of SMB (Server Message Block) was released.
Security experts saw the SMB vulnerability risk as the highest rating. Other vulnerabilities require a web browser or a program to be installed. SMB is a protocol vulnerability, so if you know only the server’s Internet address (IP), it will take over the system. The hacker uses the vulnerability to take over the Windows server in about 120 seconds.
KISA (Korea Internet & Security Agency) recommended a security update based on the release of Microsoft Windows attack tool. This vulnerability does not work on newer versions of Windows, but it is vulnerable to older operating systems. KISA advised upgrading Windows Vista that MS has discontinued security updates to a Windows 7 or later OS and apply the latest patches if they are using an older version. It takes about three months for the company to release the patch after the stability test.
KISA explained that users unable to patch the latest security patches on Windows would use the network or Windows firewall to block SMB ports. Disable all version SMB protocol in OS setting (Windows Vista, Windows Server 2008 or later).
“Microsoft has released a security patch for the vulnerability,” said Sang-myung Choi, Hauri, CERT executive director. “The server is often late for security reasons, but it should be patched as soon as possible after review. The SMB vulnerability that Shadow Brokers disclosed is the third highest risk since the release of Windows,” Choi said. “It’s a weapon to take over the world’s Windows system.”