Shadowbrokers dump contains several Windows zero-days
Security researchers report that the most recent Shadowbrokers dump contains several previously unknown vulnerabilities in Windows systems. So far, these affect older versions, but many systems are still at risk.
For example, Matthew Hickey of security firm Hacker House told Ars Technica that “this is by far the most powerful set of exploits released to date.” According to him, several exploits appear to use zero-day vulnerabilities in Windows. Hickey has analyzed a number of them so far. The Eternalblue exploit, for example, makes it possible to run code remotely on Windows Server 2008 R2. Other software targets vulnerabilities in Windows versions up to Windows 8.
Other researchers report similar findings, including on their own blog and to Motherboard. The site writes that Microsoft has said in a response that it is “investigating the publication and will take the necessary steps to protect its customers.” Until an extensive analysis of the publication has taken place, its scope and consequences cannot be estimated, and it remains unclear how many zero-days are actually involved. The researchers warn that, because the tools are now available, many systems are vulnerable until the necessary patches are released.
The Shadowbrokers posted a new collection of documents online on Friday. In addition to the Windows exploits, the dump contains information about espionage activities by the NSA and CIA, including in banking networks.