Yet another stunning fact on MS17-010 vulnerability surfaces forcing the cyber security experts to concentrate on the ways and means to counter the threat that deepens on every passing day. Top researchers claimed to have found out that NSA Cyber weapon DoublePulsar has every possible chance to exploit the Windows embedded devices.
After the Shadow Brokers stood exposed last year, it has come to light that the hackers or attackers used the windows system when the NSA Tool, known as DoublePulsar—provided an exclusive and backdoor entry into it. That was what the conclusive findings of the research which involved a team of top cyber experts. During the research, the experts minutely examined DoublePulsar functioning on an Embedded Windows device. Only then, they got to know all about the DoublePulsar authors who never supported to an embedded device and instead the exploit was meant for Windows OS. The cyber security experts checked target here to ascertain the vulnerability and finally, deploying SMBTouch, they jumped into the conclusion that the target was really vulnerable to EternalBlue. After installing the backdoor on the target the cyber scientists came to discover that the modules of the MSF exploit authors failed to fix the support for windows embedded version. According to researchers, initially they created a DLL to the target host and then injected the DoublePulsar exploit into the embedded system. The research provided the scientists more facts on how the Windows Embedded devices exploit. According to what a researcher engaged in it said, a graphical view was allowed to play a crucial role in it. He said that the experts assumed that as the target machine starts running Windows7, it took the left course. Then it took the turn to ascertain whether the entire architecture system that kept running was indeed x64 or x86, which one was correct. On the contrary, the system keeps taking the right course if the target is far from being Windows 7. Then in right side, it perform OS checks. The system ends up on an error machine in the absence of any check for the windows embedded. In fact, the error takes place only for not checking the windows embedded devices as the exploit was found to have been functioning against target. Only after these crucial but interesting happenings, the researchers made a slew of modifications in the exploit to counter the threat.