Security Alert: NSA’s Windows RDP Exploit Remains Unpatched

May 26th, 2017

Brace yourself for a potential 2nd wave of malware/ransomware attacks, as Windows SMB wasn't the only network protocol whose zero-day exploits were exposed by the Shadow Brokers.


Microsoft released patches for the Windows SMB flaws for supported versions of Windows back in March, and then for unsupported versions of Windows immediately after the outbreak of the WannaCry ransomware. However, Microsoft has not patched the flaws targeted by three other NSA hacking tools, dubbed "EnglishmanDentist," "EsteemAudit," and "ExplodingCan."

It's been 2 weeks since the WannaCry ransomware began to spread. It has already infected 300,000 computers worldwide, although it is now slowing down.

EsteemAudit is a dangerous NSA-developed Windows hacking tool leaked by the Shadow Brokers that targets the Windows RDP service (port 3389) on Windows 2003 and Windows XP machines.

Microsoft no longer supports Windows Server 2003 and Windows XP and, unlike with EternalBlue, the company has not released any emergency patch for the EsteemAudit exploit so far. As a result, over 24,000 vulnerable systems remain exposed on the Internet for anyone to hack.

EsteemAudit can also be used as wormable malware, similar to the WannaCry ransomware, which allows hackers to propagate within enterprise networks, leaving thousands of systems vulnerable to ransomware, espionage and other malicious attacks.

How You Can Protect Yourself and Your Organization

The easiest thing to do is to simply retire all Windows 2003 and Windows XP machines. These systems have been a ticking time bomb since they went end of life a few years ago. Microsoft says supported Windows operating systems are not at risk.

If you can't retire all of your old Windows 2003 and Windows XP machines, then make sure Windows RDP port 3389 is NOT exposed to the Internet. Have your Network Admin, your IT provider, or The Fulcrum Group verify that for you.
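One way to run that verification yourself is shown below. It is an added example, not part of the original alert, and it has to be run from a machine outside your network so that it sees what the Internet sees. The inventory addresses are constructed placeholders; replace them with public addresses your organization owns.

```python
import socket
import sys

RDP_PORT = 3389  # Windows RDP service port named in the alert


def check_tcp_port(host, port=RDP_PORT, timeout=3.0):
    """Classify one TCP port as 'open', 'closed', 'filtered' or 'unresolved'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed: service is reachable
    except ConnectionRefusedError:
        return "closed"          # host replied with a reset: nothing listening
    except socket.gaierror:
        return "unresolved"      # host name did not resolve
    except OSError:
        return "filtered"        # timeout or unreachable: likely firewalled


def audit_rdp_exposure(hosts, port=RDP_PORT, timeout=3.0):
    """Return (state per host, sorted list of hosts with the port reachable)."""
    results = {h: check_tcp_port(h, port, timeout) for h in hosts}
    exposed = sorted(h for h, state in results.items() if state == "open")
    return results, exposed


if __name__ == "__main__":
    # Constructed inventory (documentation address range), not real hosts.
    inventory = ["192.0.2.10", "192.0.2.11"]
    results, exposed = audit_rdp_exposure(inventory)
    for host, state in results.items():
        print(f"{host}:{RDP_PORT} {state}")
    if exposed:
        print("ACTION: block port 3389 at the perimeter for:", ", ".join(exposed))
        sys.exit(1)  # non-zero exit so a scheduled job can raise an alert
```

Any host reported as "open" is reachable on 3389 from where the script ran and should be placed behind a firewall rule or VPN.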