Bitcoin Forum
November 16, 2024, 05:05:40 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: [2017-05-19]NSA Reported Vulnerability Used In WannaCry Attack To Microsoft  (Read 6312 times)
TravelMug (OP)
Hero Member
*****
Offline Offline

Activity: 2828
Merit: 872



View Profile
May 18, 2017, 05:02:33 PM
 #1

NSA Reported Vulnerability Used In WannaCry Attack To Microsoft


The U.S. National Security Agency alerted Microsoft of a critical vulnerability that was eventually used to carry out the massive WannaCry ransomware attack that hit more than 300,000 computers worldwide last week, the Washington Post reported.

The NSA went to Microsoft after it learned a hacking group known as the Shadow Brokers had stolen the hacking tool that took advantage of the exploit out of fear the tool might be used for a large-scale attack. Microsoft issued a patch for the vulnerability in March, but many machines were not updated at the time of the attack and were affected.

"NSA identified a risk and communicated it to Microsoft, who put out an immediate patch," Mike McNerney, a former Pentagon cybersecurity official and a fellow at the Truman National Security Project, told the Washington Post.

While the NSA did alert Microsoft in time for the company to make protection available to many machines — although not always taken advantage of — it failed to make clear to the public just how dangerous the vulnerability could be.

A month after Microsoft issued the security patch, the Shadow Brokers published the code for the NSA-crafted attack known as EternalBlue. A modified version of the exploit was used to carry out the ransomware attack that hit machines in more than 150 countries, including those at hospitals and major corporations.

The WannaCry attack was also not the first time the exploit had been used. The same vulnerability was used in a botnet hack in which compromised machines were used to mine for the cryptocurrency Monero. According to security firm Proofpoint, the exploit was used as early as April and may have been larger in scale than WannaCry.

Despite the NSA’s disclosure of the exploit to Microsoft, the computing giant still scolded the government agency for holding onto and making use of the vulnerability for so long in the first place — for more than five years, the Washington Post reported.

Microsoft President and chief legal officer Brad Smith said in a blog post the hoarding of exploits by government organizations puts users at risk when the vulnerabilities aren’t disclosed to the public — especially when that information is stolen or leaked and made available for hackers to use freely with no protections in place.

“An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen,” Smith said. “The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world.”

Smith reiterated Microsoft’s belief that there needs to be a “Digital Geneva Convention” to regulate government agency actions in cyberspace. The company has argued in favor of a requirement for governments to disclose exploits so companies can protect users rather than allow the vulnerabilities to exist without a fix in place and putting more people at risk.

https://bitcoinwarrior.net/2017/05/nsa-reported-vulnerability-used-wannacry-attack-microsoft/

 
█▄
R


▀▀██████▄▄
████████████████
▀█████▀▀▀█████
████████▌███▐████
▄█████▄▄▄█████
████████████████
▄▄██████▀▀
LLBIT▀█ 
  TH#1 SOLANA CASINO  
████████████▄
▀▀██████▀▀███
██▄▄▀▀▄▄████
████████████
██████████
███▀████████
▄▄█████████
████████████
████████████
████████████
████████████
█████████████
████████████▀
████████████▄
▀▀▀▀▀▀▀██████
████████████
███████████
██▄█████████
████▄███████
████████████
█░▀▀████████
▀▀██████████
█████▄█████
████▀▄▀████
▄▄▄▄▄▄▄██████
████████████▀
........5,000+........
GAMES
 
......INSTANT......
WITHDRAWALS
..........HUGE..........
REWARDS
 
............VIP............
PROGRAM
 .
   PLAY NOW    
TotalPanda
Legendary
*
Offline Offline

Activity: 1946
Merit: 1012

vertex output parameter not completely initialized


View Profile
May 18, 2017, 05:11:28 PM
 #2

http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598
joshy23
Sr. Member
****
Offline Offline

Activity: 1078
Merit: 256



View Profile
May 18, 2017, 05:38:25 PM
 #3

NSA has already known the exploit for 5 years, but didn't told Microsoft about it. They only told Microsoft after the hacker stole the exploit from NSA. I guess, we can blame NSA for this one, why did they withheld the exploit to Microsoft? That is the problem with NSA, CAI, they don't want to share information. Unfortunately, Microsoft release a patch, but no one heeds, that's why the virus has infected a lot of computers worldwide.
digaran
Copper Member
Hero Member
*****
Offline Offline

Activity: 1330
Merit: 899

🖤😏


View Profile
May 18, 2017, 10:26:50 PM
 #4

NSA has already known the exploit for 5 years, but didn't told Microsoft about it. They only told Microsoft after the hacker stole the exploit from NSA. I guess, we can blame NSA for this one, why did they withheld the exploit to Microsoft? That is the problem with NSA, CAI, they don't want to share information. Unfortunately, Microsoft release a patch, but no one heeds, that's why the virus has infected a lot of computers worldwide.
Not CAI but CIA and they are monitoring some specific keywords on the web and might even read this.
They knew about the exploit and didn't tell any body because they were using it to spy on people.
I know this fact that windows is no longer safe for us to use since windows XP.
Anyways who needs them any more when we have facebook and google? they are the source and the mother load of all information.
Steve Jobs was the man to develop iOS and made Apple happened and we lost him.
If you need to be safe just write your own operating system from scratch like many people do.

🖤😏
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!