Most of the Windows zero-day exploits have already been patched

The exploits were fixed either recently or long ago.


Late last week, a hacker group known as The Shadow Brokers released a trove of Windows exploits it claims to have obtained from the National Security Agency's (NSA's) elite hacking team. The group released tools, presentations, and files that claim to detail the agency's methods of carrying out clandestine surveillance on Windows server software dating back to Windows XP. The release set off a mild panic on what was otherwise a slow Friday.

There’s just one problem: Microsoft says it has already issued patches for the majority of the exploits, with some of them coming out as recently as last month. The MSRC team pointed this out in a blog post on Friday, the same day Shadow Brokers released the exploits. It was a remarkably quick response.

"Most of the exploits that were disclosed fall into vulnerabilities that are already patched in our supported products," wrote Phillip Misner, principal security group manager for the Microsoft Security Response Center.

Code Name



Addressed by MS17-010


Addressed by MS10-061


Addressed by CVE-2017-0146 & CVE-2017-0147


Addressed prior to the release of Windows Vista


Addressed by MS14-068


Addressed by MS17-010


Addressed by MS09-050


Addressed by MS17-010


Addressed by MS08-067

The exploits, all with peculiar names that start with the letter E, allowed a hacker to compromise affected computers across a variety of Windows versions. One of the exploits dated back to Windows Vista, but was addressed before Vista was even released.

Microsoft said three of the exploits -- ENGLISHMANDENTIST, ESTEEMAUDIT, and EXPLODINGCAN -- could not be reproduced on supported systems, which means anyone using Windows 7 or above is not at risk. Of course, customers still running those older operating systems are encouraged to upgrade to a supported operating system, Microsoft said in the blog post.

Some of these vulnerabilities are incredibly old. ExplodingCan creates a remote backdoor by exploiting older versions of Microsoft’s Internet Information Services Web server on older versions of Windows Server. EternalSynergy is a remote SMB exploit for Windows 8 and Server 2012. And EternalRomance is a remote SMB1 exploit targeting Windows XP, Vista, 7 and 8, plus Windows Server 2003, 2008 and 2008 R2.

Some researchers caused a panic by stating these exploits were zero-days, meaning they were vulnerabilities Microsoft was not aware of. Apparently, they didn’t bother to test against a recently patched system.


Copyright © 2017 IDG Communications, Inc.
