Microsoft Windows Zero-days leaked by Shadow Brokers
The exploit can be use by anyone who doesn't have much technical knowledge, and gives access to millions of Windows systems.
The leak includes a litany of typically codenamed software “implants” with names like ODDJOB, ZIPPYBEER, and ESTEEMAUDIT, capable of breaking into — and in some cases seizing control of — computers running version of the Windows operating system earlier than the most recent Windows 10.
Within implant, there is a program named FUZZBUNCH, which essentially automates the deployment of NSA malware, and would allow a member of agency’s Tailored Access Operations group to more easily infect a target from their desk.
“I don’t think I have ever seen so much exploits and 0day [exploits] released at one time in my entire life,” says security researcher Matthew Hickey.
Affected computers will remain vulnerable until Microsoft releases patches for the zero-day vulnerabilities and, more crucially, until their owners then apply those patches - he added.
Hickey have also demonstrate the exploit by compromising the machine running Windows Server 2008.
Microsoft have not give much details on this zero-day exploit, but says they are looking into it.