Windows XP/Server 2003: Fix for NSA ESTEEMAUDIT Exploit

[German]Microsoft didn't release a patch for Windows XP, Windows Server 2003 to close the NSA ESTEEMAUDIT Exploit. Now security firm enSilo released a hotfix to close the vulnerability used by ESTEEMAUDIT exploit.


After Shadow Broker released a couple of NSA hacking tools and exploits, Microsoft explained, that most of the vulnerabilities has been patched. Only some vulnerabilities addressed by exploits like EsteemAudit are unpatched, because Windows XP and Windows Server 2003 are reached end of life and are out of support.

But after WannaCry-Attack we have learned, that unpatched vulnerabilities may cause infections of thousands of systems. And there are still many systems running Windows XP and/or Windows Server 2003 out there. An analysis made from fortinet showed, tha open RDP ports within a network allows to attack systems.

Security firm enSilo decided to develop a hotfix for this EsteemAudit exploit. Last week they announced the patch, that is public available for Windows XP SP3 x86/x64 and Windows Server 2003 SP2. The patch will be loaded into winlogon.exe (only if it is an RDP session) to perform in memory patching (hotpatching) of ESTEEMAUDIT. Any attempt to use ESTEEMAUDIT to infect the patched machine will inevitably fail. Full details are available here. (via)

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security, Windows and tagged , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *