11

Today (on April 14) the self-called "ShadowBrokers" released a large dump of ready-to-use 0-day exploits, partly with detailed usage explanations.

Now I understand that this is really bad for companies that have internet-facing Windows Servers or other similar setups.

But for the more interesting question:
Does today's dump affect the average user behind his average consumer ISP-provided router who didn't actively set up an internet facing service on his Windows machine?

Potentially useful references:
Motherbord article.
Ars Technica article.

SEJPM
  • 9,500
  • 5
  • 35
  • 66

1 Answers1

8

Microsoft have now provided an analysis of the exploits which were released in this dump.

Their analysis shows that the exploits included all have patches available for them, on suported versions of Windows.

So if a user is up to date with their patches and using a supported version of Windows these exploits should have no effect.

Where these exploits will have an effect is for users who haven't moved off out of support platforms like Windows XP. These exploits represent an easily usable path to exploit systems like Windows XP and Windows server 2003, so this release should provide more impetous (if it was needed) to migrate to a supported platform.

Rory McCune
  • 60,923
  • 14
  • 136
  • 217
  • What if they spent all of the time to make the exploits and their targets just updated to newer versions of Windows? – the_endian Apr 15 '17 at 10:05