Older Windows Systems Targeted by Newly Released Hack Tools

Microsoft is investigating reports about leaked hacking tools that target older Windows systems.

The tools were announced on Friday by a group calling itself "The Shadow Brokers." A Microsoft spokesperson provided a statement via e-mail, stating that "we are reviewing the report and will take the necessary actions to protect our customers."

The Shadow Brokers has been posting hacking tools to the GitHub repository in an online auction over the last year, according to Wikipedia's account. The tools are alleged to have come from the U.S. National Security Agency.

The tools date from 2013, so they're thought to affect Windows systems older than Windows 10, according to a Motherboard story posted today. One hacking tool, called "FuzzBunch," appears to affect Windows 8, Windows 7 and Windows Vista, as well as Windows Server 2000 through Windows Server 2012, according to the story.

The GitHub post of the tools by The Shadow Brokers contains three folders, marked "oddjob," "swift" and "windows," which can be unlocked by a password that was released by the group. The swift folder contains PowerPoint slides suggesting that the Middle East network used by the Society for Worldwide Interbank Financial Telecommunication (SWIFT) for financial transactions was targeted by the NSA, according to a blog post by Microsoft Most Valuable Professional Matt Suiche. Banks in Bangladesh and Ramallah, Palestine, were targeted, he indicated in discussing the released materials.

The Windows hacking tools that were released are used for remote exploits. They have names such as "EternalRomance," "EternalChampion" and "EternalBlue." Some of the targeted Windows versions, such as Windows Vista and Windows 2008, have fallen out of support. Consequently, their flaws won't get patched, Suiche noted.

The oddjob folder contains various log files and Excel documents, plus PowerPoint files marked "Top Secret," according to Suiche.

The release of the tools comes after WikiLeaks today published documents about purported CIA backend malware with a "public-facing HTTPS interface." WikiLeaks also released more so-called CIA "Vault 7" attack tools earlier this month that are designed to target Windows systems.

This week, CIA Director Mike Pompeo called WikiLeaks a "hostile intelligence service," according to a New York Times article. WikiLeaks, which provides leaked materials to journalists, is perhaps best known for its release of a video showing a U.S. military helicopter gunning down civilians in Iraq.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.

