The Shadow Brokers, the hacker group that previously tried to auction off hacking tools acquired from the NSA, released a new dump of programs today. The exploits, which focus on multiple versions of Microsoft’s Windows operating system, are extremely effective — and, worryingly, don’t require extensive technical knowledge to use.
According to Motherboard, the most dangerous program in the release is an NSA program known as FUZZBUNCH, “a hacking suite or toolkit that contains several plug-and-play exploits to attack several versions of Windows operating system.” According to one security researcher the site spoke with, the dump also includes step-by-step instruction on what commands to run and how to use the tools.
If you’re running Microsoft’s latest OS, Windows 10, you should be fine, but FUZZBUNCH has tools to infiltrate “server versions from NT, 2000, 2003, 2008 and up to 2012, as well as the consumer versions XP, Vista, 7 and Windows 8.” That’s most of the last decade and a half of Windows releases. Many of the vulnerabilities that the tools exploit are known as zero-day exploits, weaknesses unknown to the software manufacturer, and thus ripe for taking advantage of. “I don’t think I have ever seen so much exploits and 0day [exploits] released at one time in my entire life,” security researcher Matthew Hickey told the Intercept.
Microsoft says they are looking at, and working to patch, the vulnerabilities, but for obvious security reasons, they’re not going into much detail about the tools. As for what Windows owners can do right now, the answer is “not much.” You could upgrade to Windows 10, or you could take you computer offline completely until the holes are patched. Or you could just roll the dice and use your computer as you normally would. Live your best life.