Data: CASIE
Negative Trigger
patches
for
the
majority
of
attacks
,
and
the
most
recent
fix
c
ame
Vulnerability-related.PatchVulnerability
last
month
.
``
Most
of
the
exploits
that
w
ere disclosed
Vulnerability-related.DiscoverVulnerability
fall
into
vulnerabilities
that
a
re already patched
Vulnerability-related.PatchVulnerability
in
our
supported
products
,
''
a
blog
post
p
ublished
Vulnerability-related.DiscoverVulnerability
Friday
night
by
Microsoft
reads
.
Broadly
,
the
exploits
could
have
allowed
a
hacker
to
compromise
a
ffected
Vulnerability-related.DiscoverVulnerability
computers
on
a
variety
of
Windows
versions
.
For
example
,
the
ERRATICGOPHER
attack
w
as addressed
Vulnerability-related.PatchVulnerability
prior
to
the
release
of
Windows
Vista
,
and
ETERNALCHAMPION
w
as fixed
Vulnerability-related.PatchVulnerability
with
t
wo other previously disclosed
Vulnerability-related.DiscoverVulnerability
vulnerabilities
,
according
to
the
blog
post
.
ETERNALBLUE
,
ETERNALROMANCE
,
and
ETERNALSYNERGY
w
ere all patched
Vulnerability-related.PatchVulnerability
on
March
14
,
according
to
a
Microsoft
Security
Bulletin
.
Microsoft
d
id not patch
Vulnerability-related.PatchVulnerability
three
other
exploits
,
ENGLISHMANDENTIST
,
ESTEEMAUDIT
,
and
EXPLODINGCAN
,
ostensibly
because
the
attacks
could
not
be
reproduced
on
supported
systems—that
is
,
modern
versions
of
Windows
that
Microsoft
still
i
ssues
Vulnerability-related.PatchVulnerability
updates
for
.
Microsoft
says
customers
using
Windows
7
or
above
are
not
at
risk
.
``
Customers
still
running
prior
versions
of
these
products
are
encouraged
to
upgrade
to
a
supported
offering
,
''
the
Microsoft
blog
post
added
.
Interestingly
before
the
March
14
patch
,
vulnerabilities
related
to
several
ETERNAL
exploits
also
a
ffected
Vulnerability-related.DiscoverVulnerability
Windows
10
,
according
to
the
Microsoft
Security
Bulletin
.
But
,
again
,
a
fully
up
to
date
copy
of
Windows
10
will
not
b
e vulnerable.
Vulnerability-related.DiscoverVulnerability
Originally
,
it
was
believed
that
many
of
these
exploits
were
so-called
zero-days
;
exploits
that
took
advantage
of
vulnerabilities
that
Microsoft
was
not
aware
of
.
Security
researchers
v
erified
Vulnerability-related.DiscoverVulnerability
that
many
of
the
exploits
did
work
against
Windows
systems
.
However
,
it
turns
out
that
at
least
one
of
the
researchers
did
not
test
the
exploits
against
a
fully
up
to
date
Windows
machine
,
and
crucially
,
not
on
one
that
included
the
March
14
patch
.
Matthew
Hickey
,
otherwise
known
as
Hacker
Fantastic
and
the
co-founder
of
British
cybersecurity
firm
Hacker
House
,
told
Motherboard
on
Saturday
he
had
used
a
``
clean
install
''
of
Windows
to
test
the
attacks
.
Meaning
that
the
machine
d
idn't include
Vulnerability-related.PatchVulnerability
the
latest
security
fixes
,
and
led
to
erroneous
results
.
It
's
pretty
much
always
a
good
idea
to
keep
your
computer
's
operating
system
f
ully up to date,
Vulnerability-related.PatchVulnerability
especially
when
news
of
critical
security
issues
comes
to
light
.
On
Friday
,
the
hacker
group
known
as
The
Shadow
Brokers
released
a
trove
of
Windows
exploits
.
But
Microsoft
says
it
h
as already issued
Vulnerability-related.PatchVulnerability
patches
for
the
majority
of
attacks
,
and
the
most
recent
fix
c
ame
Vulnerability-related.PatchVulnerability
last
month
.
``
Most
of
the
exploits
that
w
ere disclosed
Vulnerability-related.DiscoverVulnerability
fall
into
vulnerabilities
that
a
re already patched
Vulnerability-related.PatchVulnerability
in
our
supported
products
,
''
a
blog
post
p
ublished
Vulnerability-related.DiscoverVulnerability
Friday
night
by
Microsoft
reads
.
Broadly
,
the
exploits
could
have
allowed
a
hacker
to
compromise
a
ffected
Vulnerability-related.DiscoverVulnerability
computers
on
a
variety
of
Windows
versions
.
For
example
,
the
ERRATICGOPHER
attack
w
as addressed
Vulnerability-related.PatchVulnerability
prior
to
the
release
of
Windows
Vista
,
and
ETERNALCHAMPION
w
as fixed
Vulnerability-related.PatchVulnerability
with
t
wo other previously disclosed
Vulnerability-related.DiscoverVulnerability
vulnerabilities
,
according
to
the
blog
post
.
ETERNALBLUE
,
ETERNALROMANCE
,
and
ETERNALSYNERGY
w
ere all patched
Vulnerability-related.PatchVulnerability
on
March
14
,
according
to
a
Microsoft
Security
Bulletin
.
Microsoft
d
id not patch
Vulnerability-related.PatchVulnerability
three
other
exploits
,
ENGLISHMANDENTIST
,
ESTEEMAUDIT
,
and
EXPLODINGCAN
,
ostensibly
because
the
attacks
could
not
be
reproduced
on
supported
systems—that
is
,
modern
versions
of
Windows
that
Microsoft
still
i
ssues
Vulnerability-related.PatchVulnerability
updates
for
.
Microsoft
says
customers
using
Windows
7
or
above
are
not
at
risk
.
``
Customers
still
running
prior
versions
of
these
products
are
encouraged
to
upgrade
to
a
supported
offering
,
''
the
Microsoft
blog
post
added
.
Interestingly
before
the
March
14
patch
,
vulnerabilities
related
to
several
ETERNAL
exploits
also
a
ffected
Vulnerability-related.DiscoverVulnerability
Windows
10
,
according
to
the
Microsoft
Security
Bulletin
.
But
,
again
,
a
fully
up
to
date
copy
of
Windows
10
will
not
b
e vulnerable.
Vulnerability-related.DiscoverVulnerability
Originally
,
it
was
believed
that
many
of
these
exploits
were
so-called
zero-days
;
exploits
that
took
advantage
of
vulnerabilities
that
Microsoft
was
not
aware
of
.
Security
researchers
v
erified
Vulnerability-related.DiscoverVulnerability
that
many
of
the
exploits
did
work
against
Windows
systems
.
However
,
it
turns
out
that
at
least
one
of
the
researchers
did
not
test
the
exploits
against
a
fully
up
to
date
Windows
machine
,
and
crucially
,
not
on
one
that
included
the
March
14
patch
.
Matthew
Hickey
,
otherwise
known
as
Hacker
Fantastic
and
the
co-founder
of
British
cybersecurity
firm
Hacker
House
,
told
Motherboard
on
Saturday
he
had
used
a
``
clean
install
''
of
Windows
to
test
the
attacks
.
Meaning
that
the
machine
d
idn't include
Vulnerability-related.PatchVulnerability
the
latest
security
fixes
,
and
led
to
erroneous
results
.
It
's
pretty
much
always
a
good
idea
to
keep
your
computer
's
operating
system
f
ully up to date,
Vulnerability-related.PatchVulnerability
especially
when
news
of
critical
security
issues
comes
to
light
.