New Metasploit module to exploit the MS17-010 vulnerabilities

New Metasploit module to exploit the MS17-010 vulnerabilities

DearBytesAlertsNew Metasploit module to exploit the MS17-010 vulnerabilities

What is going on?

A new Metasploit module has been released for the MS17-010 vulnerabilities. These vulnerabilities allows an attacker without proper authentication to execute code with the highest privileges. The new module allows easy exploitation of newer versions of Windows (Windows Server 2016 and Windows 10). This creates new opportunities for attackers to easily take control over unpatched Windows systems.
More details can be found in this link:

 

Aanmelden Nieuwsbrief

Mis nooit meer de laatste tech updates, acute dreigingen en DearBytes events. Schrijf je nu gratis in voor de nieuwsbrief.

Aanmelden

 

Who does this apply to?

According to the developers, the exploit should successfully gain control over all unpatched versions of Windows 2000+ x86/x64. This includes :

  • Windows Server 2000
  • Windows XP
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7
  • Windows Server 2008 R2
  • Windows 8
  • Windows 8.1
  • Windows 10
  • Windows Server 2016

The Vulnerabilities that are exploited in this module are:

  • CVE-2017-0146 (EternalChampion/EternalSynergy) – exploit a race condition with Transaction requests
  • CVE-2017-0143 (EternalRomance/EternalSynergy) – exploit a type confusion between WriteAndX and Transaction requests

What can you do?

To protect against this exploit and further threats it is important to install the latest Windows Security Updates. If installing updates is not an option, Microsoft provides in their security bulletin a way to disable SMBv1 as a temporary workaround.