I looked into the scope of impact of the leaked NSA hacking tools

"NSA hacking tools" leaked in bulk again, including exploits for Windows vulnerabilities - ITmedia Enterprise

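Regarding the other three, it said that the attacks could not be reproduced on supported platforms, explaining that "Windows 7 and later versions of Windows, or Exchange 2010 and later versions of Exchange, are not at risk."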

That is what it says, so I went and checked for myself.

| Code Name | News | Microsoft |
|---|---|---|
| ESKIMOROLL | a Kerberos exploit targeting Windows 2000, Server 2003, Server 2008 and Server 2008 R2 domain controllers. | MS14-068 |
| EMPHASISMINE | remote IMAP exploit for later versions of Lotus Domino. | - |
| ETERNALROMANCE | remote SMB1 network file server exploit targeting Windows XP, Server 2003, Vista, Windows 7, Windows 8, Server 2008, and Server 2008 R2. This is yet another reason to stop using SMB1 - it's old and vulnerable. | MS17-010 |
| ETERNALBLUE | another SMB1 and SMB2 exploit. Below is a video showing ETERNALBLUE compromising a Windows 2008 R2 SP1 x64 host via FUZZBUNCH to install a remote command execution tool called DOUBLEPULSAR. | MS17-010 |
| ETERNALCHAMPION | SMB2 exploit. ERRATICGOPHER, an SMB exploit targeting Windows XP and Server 2003. | CVE-2017-0146, CVE-2017-0147 |
| ETERNALSYNERGY | remote code execution exploit against SMB3 that potentially works against operating systems as recent as Windows Server 2012. | MS17-010 |
| EMERALDTHREAD | SMB exploit that drops a Stuxnet-style implant on systems. | MS10-061 |
| ESTEEMAUDIT | RDP exploit targeting Windows Server 2003 and Windows XP to install hidden spyware. | - |
| EXPLODINGCAN | IIS 6 exploit that targets WebDav on Server 2003 only. | - |
| ErraticGopher | SMB exploit, targets XP and 2003 | prior to the release of Windows Vista |
| OddJob | implant builder and C&C server that can deliver exploits for Windows 2000 and later, also not detected | - |
| EasyBee | exploit for MDaemon private email server | - |
| EducatedScholar | SMB v2 | MS09-050 |
| FuzzBunch | an exploit framework, similar to MetaSploit | - |
| EclipsedWing | SMB exploit for 2000, 2003 and XP | MS08-067 |
| EnglishMansDentist | appears to use OWA and SMTP, maybe remote rule trigger on client | - |
| EwokFrenzy | Lotus Domino 6 & 7 exploit | - |
| ZippyBeer | Microsoft Domain Controller exploit | - |
| DoublePulsar | SMB | MS17-010 ? |
| Easypi | Lotus cc:Mail exploit | - |
| EARLYSHOVEL | RedHat 7.0 - 7.1 Sendmail 8.11.x exploit | - |
| ECHOWRECKER | remote Samba 3.0.x Linux exploit. | - |
| EBBISLAND (EBBSHAVE) | root RCE via RPC XDR overflow in Solaris 6, 7, 8, 9 & 10 (possibly newer) both SPARC and x86. | - |
| EPICHERO | 0-day exploit (RCE) for Avaya Call Server | - |
| ETRE | an exploit for IMail 8.10 to 8.22 | - |

The entries in red are the ones confirmed to have no patch. (However, for XP 2009 some patches have been released.)

To be accurate, what this shows is that there are hacking tools that also target Windows 7/8, but there is no problem as long as Windows Update has been applied.
