Critically Severe Windows Vulnerability Discovered
In May 2017, the WannaCry ransomware attack swept the globe, affecting computers that used Microsoft Windows. During the attack, users' files were locked and a ransom in Bitcoin was demanded in exchange for their release. It hit hundreds of thousands of computers globally and caused up to $4 billion worth of damage. The WannaCry ransomware attack made use of a Windows exploit called EternalBlue, which was developed by the US National Security Agency (NSA). Researchers have now discovered a new Windows code execution exploit called CVE-2022-37958, which could rival EternalBlue.
The vulnerability allows attackers to execute malicious code with no authentication required, and is wormable, meaning it can trigger a chain reaction of self-replicating follow-on exploits on other vulnerable systems. It was the wormability of EternalBlue that allowed WannaCry to spread so quickly and cause so much damage.
However, unlike EternalBlue, which could only be exploited using the SMB (server message block) protocol, the new vulnerability is present in a wider range of network protocols, giving attackers more flexibility. Valentina Palmiotti, who is the cybersecurity researcher at IBM who discovered exploit said:
“An attacker can trigger the vulnerability via any Windows application protocols that authenticates […] For example, the vulnerability can be triggered by trying to connect to an SMB share or via Remote Desktop. Some other examples include Internet-exposed Microsoft IIS servers and SMTP servers that have Windows Authentication enabled. Of course, they can also be exploited on internal networks if left unpatched.”
Fortunately, the vulnerability was fixed by Microsoft in September, but at the time it was initially believed to only allow for the disclosure of sensitive information and so wasn’t being taken nearly as seriously as it should. It has since been revised to a critical severity rating, with Microsoft giving it a severity rating of 8.1, which is the same rating EternalBlue has.
Therefore, although the vulnerability has been patched for three months some organizations may have been slow to deploy the patch or have not patched their systems at all in the meantime. The new severity rating and the nature of the exploit mean it is more important than ever to run security updates on any and all Windows machines. Although ransomware attacks tend to target organizations such as the hospitals and health authorities that fell victim to WannaCry, it is worth updating and running the latest security patches on your personal devices too.
i recently found CVET on my Windows 7 Professional x64 system and i could not get rid of it. I tried everything…reg hacks, unseting it’s file attributes, command prompt, moving it to a usb flash drive, but i always got “operation denied” error messages. it seriously hindered my ability to get anything done and i was losing admin privileges, and lost user groups altogether until finally after i took ownership of the whole file system in every directory tree on my computer i ran adsi.hta and the results said that the system was to ignore owner rights, all certificates were deemed invalid, my website disappeared. i had no other recourse than to install linux over my windows partition because when i tried reinstalling windows 7 again, it reinstalled with no drivers, no device drivers, no internet connections, nothing. Reading about this malware only solidifies what i have known all along….and this is just my opinion ok? There are no security vulnerabilities with windows 7 or any other version of windows….the only malware that i see is created within microsoft themselves….inside windows, for whatever reason….to force an upgrade or to force more money out of windows end users who are already paying through the wazoo for their microsoft products…I truly believe that windows updates does more harm to our operating systems than any outside threat anywhere. i have long believed that Microsoft has it out for the “volatile” user….and once they get hold of your gps location ie ipaddress, macaddress, etc. it’s only a matter of time before your system is “attacked” forcing you to shut it all down because your files begin to disappear and under the help on the menu of your files be it explorer or any other like control panel menus….instead of topics about there’s another added feature to your help ….is this copy of windows legal?
The fault is your own. Having chose to continue to use an OS hat is no longer supported by it’s maker, you should have had backups of all the neccessary files to make it work on the device you where using it on.
I have devices running XP and 7 and I keep all the neccessary files to reinstall the OS from scratch if needed on those devices. They are isolated systems though, and not connected to any network. That would be foolish.
You should have backups, whether the OS is supported or not.
Myself, I do the Windows 7 style backups weekly on windows 10.
I also repurpose old HDDs as external backup devices for files important to me. I bought a powered usb to sata adapter for the job. It works great.
“…an OS [t]hat is no longer supported by [its] maker…”
I thought Microsoft’s last round of Extended Security Updates for Windows 7 wasn’t due until the January 2023 Patch Tuesday, which — correct me if I misunderstood — means that Windows 7 is currently still supported by its maker.
Your talking about a paid service that is only “available through specific volume licensing programs”.
Don’t blame Microsoft for your own shortcomings. My Windows 7 systems will still run but I gave up using it because IT IS INSECURE.
Switching to Linux at least gets you away from a non-supported OS. If you need Windows, you possibly need a new computer of at least some component upgrades. If you don’t need Windows stick with Linux. The more people who switch to Linux, the larger the target it becomes. You need to keep updating it and not become complacent about security.
The main lesson here is next time, restore from your offline bare metal backup.
Wow, that escalated quickly.. What even is CVET?????
“There are no security vulnerabilities with windows 7 or any other version of windows”
…ummmmmmm….ooookaaaaaayyyyy….? Thanks for the laughs. You know, it was time to ditch Windows 7 anyway, yes I know we all loved it and it was great. It’s not great in 2023. We all need to let it go, let it die in peace. There are a few linux distros that any Windows 7 user with an old potato computer can get used to very quickly, that’s the way to go. Zorin OS and Linux Mint first, followed by Kubuntu. Ancient, weak potato? Q4OS Trinity or Debian KDE Non-Free Firmware Version. For shits & giggles, install XPQ4 on Q4OS Trinity and travel back in time to Windows XP-world where men were still men and women were quiet!
You didn’t say how you re-installed your Windows 7. Even if you’re using an original Windows disk, if you haven’t done a low level format on your drive (on the first 10 cylinders, at least), you’ll keep running into your problem.
So, an install from a Windows disk to a new drive and you’re good to go.
If you never upgraded at some point to a SATA SSD, here’s your opportunity! Pricing is $30-70 for 500GB to 1TB.
If you don’t have an original Windows disk, you’ll need to burn your own using an ISO downloaded from a Windows site on a known-good computer with a DVD burner. Or buy a Windows 11 OEM disk.
I don’t know where you live, but you take your computer to a local shop where they can return your system with a new SSD and Windows 11.
I still have two of my five PCs running Windows 7 and using Microsoft Security Essentials with update checks every hour. (It uses the same definitions as Defender in Windows 10 & 11.) Layered into that is AppCheck Pro, SpyShelter and Glasswire.
As for my files, a handful of folders get incremental hourly backups to an external SSD, all important data folders get incremental backups every evening to that SSD and a LAN-only NAS.
Your choice of which of the 600+ distros you chose is A-OK, because “Linux” is 100% bulletproof. About 25 years ago, I heard Linux will be replacing Windows. /sarc
While I have no unconditional love for Microsoft, as a certified pro having helped pay the rent, your opinions are unreasonable and extreme.
Community FYI: I know Linux, having supported it twice in two major enterprises in the course of my career. My certification in Unix 5 helped. A lot.
Microsoft might be careless and incompetent, but outright malicious and nafarious.. I think that’s a bit of a stretch.
Pushing testing of the OS out to the community at large was a foolish decision and has opened Microsoft up to more citicism and they’ve certainly bungled alot since they made that decision.
I hate Microsoft with a passion, but I don’t think they’re out there consciously behaving in a criminal fashion as you suggest.
LoL go find the Microsoft video of them pretending to act like badasses while they destroy an iPhone and then and only then will you comprehend the Microsoft “culture”.
They have zero respect for their customers and work very closely with what people keep calling “government”. The criminals took over society a long time ago, a very long time ago.
> I hate Microsoft with a passion, but I don’t think they’re out there consciously behaving in a criminal fashion as you suggest.
I hate, but…. That famous word, “but…”
Microsoft is a convicted monopoly. They are CRIMINALS. They have more connections around the world than any cartel or mafia. Do you really want to support/use a system which has so many “remote exploit” holes every version? Do you think they’re there by accident?
> While I have no unconditional love for Microsoft, as a certified pro having helped pay the rent, your opinions are unreasonable and extreme.
Yes, some people depend upon M$ for their income. This should be criminal. The band of outlaws should be split up like they should’ve been following their conviction. IMO, anyone “supporting” and/or making money in other ways to retain people on a criminal OS is a fool or just another paid stooge.
> Your choice of which of the 600+ distros you chose is A-OK, because “Linux” is 100% bulletproof.
Linus is about choice. Were there only one or a small handful of distros, M$ would probably buy them up and shut them down. Look what happened with Novell/SUSE and their “partership.” Where is Novell today?
> About 25 years ago, I heard Linux will be replacing Windows. /sarc
Laugh it up fuzzball. Whether or not DESKTOP Linux will replace Windows is one thing, but meanwhile Linux quietly powers all sorts of things aside from DESKTOP computers and even aside from SERVERS. Most people are using Linux in some form on so many electronic devices it’s wonderful.
Linux is about freedom. I don’t have to have a license or run some stupid checker to see if the Linux I want to run is supported by whatever specific hardware out there.
I can put OpenBox or another lightweight setup on just about any distro and bring ancient machines back to life should I want to. Choice and freedom vs. a bunch of criminals.
It would really help, Patrick, if some more background were given to help readers understand the nature of Eternal Blue and the NSAs involvement with stockpiling vulnerabilities/expoits that it never shares with Microsoft.
Naturally, in this case, NSA blamed users for not upgrading to versions of Windows that had been patched rather than admit it has a treasure trove of exploits it has developed and is willing to “leak” to different groups.
The NSA has an Alexandrian library of known Windows and Linux vulnerabilities that it attempts to control, but these mysterious “leaks” continue, even to this day.
The article could be more thorough in discrediting the NSA for its failure to alert the citizens and companies of the US to its vault of critical security information, information that if provided at the right time would have saved countless billions of dollars.
Sort of wonder what side the NSA is on?
Windows 7 here which, with such threats, appears to be a guillotine. Perhaps can disabling Remote Desktop disturb the lame launching?
“The WannaCry ransomware attack made use of a Windows exploit called EternalBlue, which was developed by the US National Security Agency (NSA).”