Patch protects users from malware campaigns increasingly fueled by shadow brokers' exploit disclosures.

May 24, 2017

3 Min Read


SAN FRANCISCO, CA – enSilo, the company that has redefined endpoint security, today announced that it has issued a patch for Windows XP and Windows Server 2003 to fix a critical remote desktop protocol (RDP) vulnerability, ESTEEMAUDIT, that leaves users exposed to ransomware, espionage campaigns and other malicious code in the enterprise. ESTEEMAUDIT is another reputed National Security Agency (NSA)-developed exploit leaked by the Shadow Brokers that could be used to drive attacks similar to WannaCry ransomware. WannaCry exposed the sheer volume of Windows XP and Server 2003 users who have been left vulnerable to such attacks following Microsoft’s discontinuation of support in 2014. It is estimated that Windows XP continues to be used by hundreds of millions of connected devices worldwide, from ATMs and sensitive control systems to medical gear.  enSilo’s free patch helps ensure that these systems, many of which support critical infrastructure, are another tool to keep enterprises safe.

"In the face of escalating ransomware attacks, enSilo wanted to fill a market gap to support and address the needs of users who rely on vulnerable legacy systems such as Windows XP and Server 2003," said Udi Yavo, CTO and co-founder, enSilo. "When Microsoft discontinued support for XP, they created a major security problem, leaving users exposed and leading to the WannaCry crisis. While the original OS developers ignore pressing threats, enSilo is ensuring that susceptible systems stay protected."

Alarmed at Microsoft’s discontinuation of technical support for legacy systems and devices, Yavo and the researchers and developers at enSilo are filling critical gaps left by major operating system providers in recent years. With his background in cyber defense R&D, Yavo has a strong history of disclosing software vulnerabilities along with exploitation methods coupled with a patch.  

Windows XP-based systems currently account for more than 7 percent of desktop operating systems still in use today in addition to supporting a countless number of systems relied on by foreign governments, the US military, law enforcement agencies and the healthcare industry. Moreover, research estimates that more than 600,000 web-facing computers, which host upwards of 175 million websites, still run Windows Server 2003 accounting for roughly 18 percent of global market share. Despite Microsoft’s work to quickly patch the ETERNALBLUE exploit in the wake of WannaCry, since Microsoft’s support for both Windows XP and Windows Server 2003 ended many systems have continued to go unpatched leaving them vulnerable to significant attacks. enSilo’s agnostic endpoint security approach protects against attacks independent of the OS, including WannaCry.

Recognizing the challenge of protecting the millions of users that still rely on Windows XP and Windows Server 2003, enSilo’s patch protects vulnerable users from ESTEEMAUDIT, a remote desktop protocol exploit that enables attackers to gain lateral movement within an unpatched system and/or device. When this kind of access is coupled with a malware attack, it has the ability to shut down entire systems and services.

enSilo’s patch for Windows XP and Windows Server 2003 is available via an installation program here.

The patch supports silent installation and does not require a reboot, which helps users and embedded systems avoid the required downtime typically associated with patch installations.  Upon patching, any attempt to deliver malware using the ESTEEMAUDIT exploit fails.


Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights