Dark Reading, Products and Releases

enSilo Launches Independent Patch for 'ESTEEMAUDIT' RDP Exploit

Patch protects users from malware campaigns increasingly fueled by the Shadow Brokers' exploit disclosures.

SAN FRANCISCO, CA – enSilo, the company that has redefined endpoint security, today announced that it has issued a patch for Windows XP and Windows Server 2003 to fix a critical Remote Desktop Protocol (RDP) vulnerability, ESTEEMAUDIT, that leaves users exposed to ransomware, espionage campaigns and other malicious code in the enterprise. ESTEEMAUDIT is another reputedly National Security Agency (NSA)-developed exploit leaked by the Shadow Brokers that could be used to drive attacks similar to the WannaCry ransomware. WannaCry exposed the sheer volume of Windows XP and Server 2003 users who have been left vulnerable to such attacks following Microsoft's discontinuation of support in 2014. It is estimated that Windows XP continues to be used by hundreds of millions of connected devices worldwide, from ATMs and sensitive control systems to medical gear. enSilo's free patch gives these systems, many of which support critical infrastructure, another layer of protection that helps keep enterprises safe.

"In the face of escalating ransomware attacks, enSilo wanted to fill a market gap to support and address the needs of users who rely on vulnerable legacy systems such as Windows XP and Server 2003," said Udi Yavo, CTO and co-founder, enSilo. "When Microsoft discontinued support for XP, they created a major security problem, leaving users exposed and leading to the WannaCry crisis. While the original OS developers ignore pressing threats, enSilo is ensuring that susceptible systems stay protected."

Alarmed at Microsoft's discontinuation of technical support for legacy systems and devices, Yavo and the researchers and developers at enSilo are filling critical gaps left by major operating system providers in recent years. With his background in cyber defense R&D, Yavo has a strong history of disclosing software vulnerabilities along with exploitation methods, coupled with a patch.

Windows XP-based systems currently account for more than 7 percent of desktop operating systems still in use today, in addition to supporting a countless number of systems relied on by foreign governments, the US military, law enforcement agencies and the healthcare industry. Moreover, research estimates that more than 600,000 web-facing computers, which host upwards of 175 million websites, still run Windows Server 2003, accounting for roughly 18 percent of global market share. Microsoft moved quickly to patch the ETERNALBLUE exploit in the wake of WannaCry. Nevertheless, since Microsoft's support for both Windows XP and Windows Server 2003 ended, many systems have continued to go unpatched, leaving them vulnerable to significant attacks. enSilo's agnostic endpoint security approach protects against attacks independent of the OS, including WannaCry.

Recognizing the challenge of protecting the millions of users that still rely on Windows XP and Windows Server 2003, enSilo's patch protects vulnerable users from ESTEEMAUDIT, a Remote Desktop Protocol exploit that enables attackers to move laterally into unpatched systems and devices. When this kind of access is coupled with a malware attack, it has the ability to shut down entire systems and services.

enSilo's patch for Windows XP and Windows Server 2003 is distributed as an installation program.

The patch supports silent installation and does not require a reboot, which helps users and embedded systems avoid the downtime typically associated with patch installations. Upon patching, any attempt to deliver malware using the ESTEEMAUDIT exploit fails.


Reader comment, 5/25/2017 9:19:52 AM: Is a patch necessary?
Given Fortinet's analysis, wouldn't it be enough to unregister the vulnerable CSP Provider?

Like 'regsvr32 /s /u gpkcsp.dll'
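The comment above proposes unregistering gpkcsp.dll as a workaround instead of applying the patch. Before or after doing either, an administrator wants to know whether that smart-card CSP is still registered on a given host and whether the host exposes an RDP listener at all. The read-only PowerShell inventory below is an added example, not part of the Dark Reading release, enSilo's tool, or the commenter's post. It assumes the standard CSP registration key under HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider and the default RDP port of 3389; the port check is a simple heuristic, and the script changes nothing on the system.

```powershell
# Added example: inventory registered Cryptographic Service Providers and flag
# gpkcsp.dll, the CSP the comment above proposes unregistering. Read-only.
# Assumption: CSPs are registered under the standard key below (true on
# Windows XP / Server 2003 and later). PowerShell 2.0 is enough.

$cspRoot = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Defaults\Provider'
$target  = 'gpkcsp.dll'

# One row per registered provider, with its DLL and whether it is gpkcsp.dll.
$providers = Get-ChildItem -Path $cspRoot | ForEach-Object {
    $props = Get-ItemProperty -Path $_.PSPath
    New-Object PSObject -Property @{
        Provider  = $_.PSChildName
        ImagePath = $props.'Image Path'
        IsGpkCsp  = [bool]($props.'Image Path' -match [regex]::Escape($target))
    }
}

$providers | Sort-Object IsGpkCsp -Descending | Format-Table Provider, ImagePath, IsGpkCsp -AutoSize

if ($providers | Where-Object { $_.IsGpkCsp }) {
    Write-Host "gpkcsp.dll is still registered as a CSP on this host."
} else {
    Write-Host "gpkcsp.dll is not registered as a CSP on this host."
}

# Heuristic exposure check: is anything listening on the default RDP port?
# Assumption: RDP has not been moved off TCP 3389. netstat is used because
# Get-NetTCPConnection does not exist on the legacy systems discussed here.
$rdpListening = [bool](netstat -ano | Select-String -Pattern ':3389\s+\S+\s+LISTENING')
if ($rdpListening) {
    Write-Host "An RDP listener is present on TCP 3389; confirm the host is patched or the CSP is unregistered."
} else {
    Write-Host "No RDP listener on TCP 3389."
}
```

Run it in an elevated PowerShell session so the registry subkeys and the process-owner column of netstat are readable. A host where the listener is present and gpkcsp.dll still shows IsGpkCsp = True is one where neither the patch nor the workaround from the comment has been applied.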
