NSA Zero-Day DoublePulsar Exploit Found Actively Wreaking Havoc On Windows PCs

We can't seem to go a single week without news of a severe vulnerability out there in the wild, and it looks like our streak isn't about to end. Not too long ago, a number of NSA-derived tools were released online, giving us an idea of how desperate the folks at one of the US government's leading intelligence agencies are to get inside targeted PCs. Now, we have to hope that IT managers and system owners alike take updating their OS seriously.

This particular family of NSA exploits are being dubbed "DoublePulsar", and they're severe enough to warrant immediate attention to your Windows PCs. Last month, Microsoft released patches to remove the vulnerability, but as we all know too well, most people won't even understand the risk until it's potentially too late.

Windows 10 Desktop

Remember "Conficker"? It's a Windows bug that has persisted for over a decade, and despite it having been ousted so long ago, it still plagues a large number of systems worldwide. According to security experts, DoublePulsar is the most severe vulnerability to come out since Conficker, largely due to its staying power. There's no denying it: it's going to stick around for a while.

DoublePulsar takes advantage of a weakness in the SMB (Server Message Block) protocol of Windows, which allows computers to access another over the network (accessing a NAS share, for example, is most often done through SMB). However, that in itself isn't what's truly scary. The troubling part is the fact that the bug lets attackers access the Windows kernel to effectively gain complete control over a machine. Your data would not be safe, and neither would your software's integrity.

Windows Server 2012
Many versions of Windows are affected, including server variants

The fortunate thing is that a patch was released a month ago, so if you keep up on updating your systems, you're likely safe from the vulnerability at this point. Another upside is that Windows 10 isn't as vulnerable as older versions of Windows, since Microsoft's latest (and greatest?) operating system has better kernel checks in place to help negate these kinds of attacks.

If you're an IT manager looking for manual patches, or your Windows Update isn't pulling down the patch for some reason (might we suggest upgrading to Windows 10?), you can grab anything you need straight from Microsoft.


Via:  Threatpost
Show comments blog comments powered by Disqus