Vulnerabilities / Threats
5/24/2017
12:00 AM
Dark Reading
Products and Releases

enSilo Launches Independent Patch for 'ESTEEMAUDIT' RDP Exploit

Patch protects users from malware campaigns increasingly fueled by shadow brokers' exploit disclosures.

SAN FRANCISCO, CA – enSilo, the company that has redefined endpoint security, today announced that it has issued a patch for Windows XP and Windows Server 2003 to fix a critical remote desktop protocol (RDP) vulnerability, ESTEEMAUDIT, that leaves users exposed to ransomware, espionage campaigns and other malicious code in the enterprise. ESTEEMAUDIT is another reputed National Security Agency (NSA)-developed exploit leaked by the Shadow Brokers that could be used to drive attacks similar to WannaCry ransomware. WannaCry exposed the sheer volume of Windows XP and Server 2003 users who have been left vulnerable to such attacks following Microsoft’s discontinuation of support in 2014. It is estimated that Windows XP continues to be used by hundreds of millions of connected devices worldwide, from ATMs and sensitive control systems to medical gear. enSilo’s free patch gives the operators of these systems, many of which support critical infrastructure, another tool to keep enterprises safe.

"In the face of escalating ransomware attacks, enSilo wanted to fill a market gap to support and address the needs of users who rely on vulnerable legacy systems such as Windows XP and Server 2003," said Udi Yavo, CTO and co-founder, enSilo. "When Microsoft discontinued support for XP, they created a major security problem, leaving users exposed and leading to the WannaCry crisis. While the original OS developers ignore pressing threats, enSilo is ensuring that susceptible systems stay protected."

Alarmed at Microsoft’s discontinuation of technical support for legacy systems and devices, Yavo and the researchers and developers at enSilo are filling critical gaps left by major operating system providers in recent years. With his background in cyber defense R&D, Yavo has a strong history of disclosing software vulnerabilities along with exploitation methods and an accompanying patch.

Windows XP-based systems currently account for more than 7 percent of desktop operating systems still in use today, in addition to supporting a countless number of systems relied on by foreign governments, the US military, law enforcement agencies and the healthcare industry. Moreover, research estimates that more than 600,000 web-facing computers, which host upwards of 175 million websites, still run Windows Server 2003, accounting for roughly 18 percent of global market share. Despite Microsoft’s work to quickly patch the ETERNALBLUE exploit in the wake of WannaCry, many systems have continued to go unpatched since Microsoft’s support for both Windows XP and Windows Server 2003 ended, leaving them vulnerable to significant attacks. enSilo’s agnostic endpoint security approach protects against attacks independent of the OS, including WannaCry.

Recognizing the challenge of protecting the millions of users that still rely on Windows XP and Windows Server 2003, enSilo’s patch protects vulnerable users from ESTEEMAUDIT, a remote desktop protocol exploit that lets attackers move laterally onto an unpatched system or device. When this kind of access is coupled with a malware attack, it has the ability to shut down entire systems and services.

enSilo’s patch for Windows XP and Windows Server 2003 is available via an installation program here.

The patch supports silent installation and does not require a reboot, which helps users and embedded systems avoid the downtime typically associated with patch installations. Once the patch is applied, any attempt to deliver malware using the ESTEEMAUDIT exploit fails.

Comments
FrankUnderwood2020
User Rank: Apprentice
5/25/2017 | 9:19:52 AM
Is a patch necessary?
Given Fortinet's analysis, wouldn't it be enough to unregister the vulnerable CSP Provider?

Like 'regsvr32 /s /u gpkcsp.dll'

https://blog.fortinet.com/2017/05/11/deep-analysis-of-esteemaudit
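As an added example, not from the article or from the commenter, the following PowerShell check lets a defender confirm whether any cryptographic service provider registered on a host still points at gpkcsp.dll, which is the registration that the unregister step in the comment would remove. It assumes the standard CSP registration location under HKLM\SOFTWARE\Microsoft\Cryptography\Defaults\Provider and an elevated session; neither is taken from the page.

```powershell
# Added example (not from the article or the commenter): list every registered CSP
# and flag those whose "Image Path" resolves to gpkcsp.dll. A flagged row means the
# provider is still registered; an empty result after "regsvr32 /u" confirms removal.
# Assumption: CSPs are registered under the standard Defaults\Provider key.
$providerRoot = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Defaults\Provider'

function Get-CspRegistration {
    param([string]$Root = $providerRoot)

    if (-not (Test-Path -Path $Root)) {
        Write-Warning "CSP registration key not found: $Root"
        return
    }

    Get-ChildItem -Path $Root | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath
        $image = $props.'Image Path'
        [pscustomobject]@{
            Provider  = $_.PSChildName
            ImagePath = $image
            # Match on the file name only; the path may be absolute or relative to System32.
            Flagged   = [bool]($image -and ($image -match '(?i)(^|\\)gpkcsp\.dll$'))
        }
    }
}

$registrations = Get-CspRegistration
$registrations | Sort-Object Flagged -Descending | Format-Table -AutoSize

# Summarise so the check can be used in an inventory script.
$stillRegistered = @($registrations | Where-Object { $_.Flagged })
if ($stillRegistered.Count -gt 0) {
    Write-Output "gpkcsp.dll is still registered as a CSP on $env:COMPUTERNAME."
} else {
    Write-Output "No CSP on $env:COMPUTERNAME points at gpkcsp.dll."
}
```

Re-run the check after unregistering to verify the provider entry is actually gone; a remaining entry indicates the DLL was re-registered or the unregister step failed silently because of the /s switch.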
