NSA exploits adapted for all Windows versions

[German]Last year, hackers from Shadow Brokers made various NSA tools public. Exploits such as EternalBlue were used in Ransomware attacks such as WannaCry, NotPetya and Bad Rabbit. A security researcher has now taken a closer look at other exploits and has been able to modify them so that they can run on all versions of Windows.


In addition to the EternalBlue exploits, other exploits have been released. Here’s the list:

EternalBlue: Adressiert in MS17-010
EmeraldThread: Adressiert in MS10-061
EternalChampion; Adressiert in  CVE-2017-0146 & CVE-2017-0147
ErraticGopher: vor der Freigabe von Windows Vista adressiert
EsikmoRoll: Adressiert in MS14-068
EternalRomance: Adressiert in MS17-010
EducatedScholar: Adressiert in MS09-050
EternalSynergy: Adressiert in MS17-010
EclipsedWing: Adressiert in MS08-067

These exploits take advantage of vulnerabilities in Windows, but only worked for certain versions. Now, RiskSense security researcher Sean Dillon (@zerosum0x0x0x0) has modified the source code for some of these lesser-known exploits to work on a variety of Windows operating systems and run system-level code.

The researcher has recently integrated these modified versions of EternalChampion, EternalRomance and EternalSynergy into the Metasploit Framework, an open source penetration testing project on GitHub. He posted this message on Twitter.


The modified exploits can exploit the following vulnerabilities:

CVE Vulnerability NSA Exploit
CVE-2017-0143 Type confusion between WriteAndX and Transaction requests EternalRomance EternalSynergy
CVE-2017-0146 Race condition with Transaction requests EternalChampion EternalSynergy

These exploits should now work on all unpatched Windows versions from the following list.

  • Windows 2000 SP0 x86
  • Windows 2000 Professional SP4 x86
  • Windows 2000 Advanced Server SP4 x86
  • Windows XP SP0 x86
  • Windows XP SP1 x86
  • Windows XP SP2 x86
  • Windows XP SP3 x86
  • Windows XP SP2 x64
  • Windows Server 2003 SP0 x86
  • Windows Server 2003 SP1 x86
  • Windows Server 2003 Enterprise SP 2 x86
  • Windows Server 2003 SP1 x64
  • Windows Server 2003 R2 SP1 x86
  • Windows Server 2003 R2 SP2 x86
  • Windows Vista Home Premium x86
  • Windows Vista x64
  • Windows Server 2008 SP1 x86
  • Windows Server 2008 x64
  • Windows 7 x86
  • Windows 7 Ultimate SP1 x86
  • Windows 7 Enterprise SP1 x86
  • Windows 7 SP0 x64
  • Windows 7 SP1 x64
  • Windows Server 2008 R2 x64
  • Windows Server 2008 R2 SP1 x64
  • Windows 8 x86
  • Windows 8 x64
  • Windows Server 2012 x64
  • Windows 8.1 Enterprise Evaluation 9600 x86
  • Windows 8.1 SP1 x86
  • Windows 8.1 x64
  • Windows 8.1 SP1 x64
  • Windows Server 2012 R2 x86
  • Windows Server 2012 R2 Standard 9600 x64
  • Windows Server 2012 R2 SP1 x64
  • Windows 10 Enterprise 10.10240 x86
  • Windows 10 Enterprise 10.10240 x64
  • Windows 10 10.10586 x86
  • Windows 10 10.10586 x64
  • Windows Server 2016 10.10586 x64
  • Windows 10 10.0.14393 x86
  • Windows 10 Enterprise Evaluation 10.14393 x64
  • Windows Server 2016 Data Center 10.14393 x64

Whoever is responsible for the administration of systems should make sure that they are up-to-date. More details can be found in the above GitHub-Post or at Bleeping Computer.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security, Update, Windows and tagged , , . Bookmark the permalink.

2 Responses to NSA exploits adapted for all Windows versions

  1. Schaschi Müller says:

    Is it possible that you submit a exploit for Windows Server 2019?

Leave a Reply to Schaschi Müller Cancel reply

Your email address will not be published. Required fields are marked *