Windows SMB and Shadow Brokers leaked exploits

Thomas Owen posted in: Security Developer

Memset Security have noticed an increase in SMB-related compromises on Windows servers with SMB (Port 445) open to the public. This has been as a result of the alleged NSA-related Shadow Broker exploit kit leaks.

Whilst all of the exploits contained within the Shadow Broker leak are interesting, we have detected numerous compromised Windows servers running the Double Pulsar injection system. Double Pulsar can be used to stealthily inject a wide range of attack tools into a compromised server, including;

malware
rootkits that can turn your server into a botnet member
keyloggers and data exfiltration systems to steal your and your customers’ credentials and sensitive data

Fortunately, the exploits within the Shadow Broker leak have patches available, so the best defence is to ensure that all servers are fully patched and up to date. As an additional defence, we recommend that SMB (Port 445) is never open to the internet and is appropriately filtered by your Memset or local firewall.

If you have any concerns please contact your Account Manager or our Sales Team +44 (0)1753 471 040.

Windows SMB and Shadow Brokers leaked exploits

Categories

Business

Developer

Security

Memset News

Recent news

The considerations for the data centre management team in a post-COVID-19 world

May 12, 2020

Small and mid-sized MSPs are well placed to ride out the COVID-19 pandemic

April 28, 2020

Ensure flexible business continuity with our brand-new, public cloud IaaS service

April 6, 2020

Providing flexibility and premium performance with brand-new dedicated server range

March 30, 2020

+44 (0)1753 471 040

New Support Ticket