Published: Tue, April 18, 2017
Hi-Tech | By Ellis Neal

Microsoft Already Patched Vulnerabilities Leaked by Shadow Brokers

Microsoft Already Patched Vulnerabilities Leaked by Shadow Brokers

In a statement on their blog, Microsoft clarified the exploits from "Shadow Brokers" have already been patched.

The National Security Agency notified Microsoft about the vulnerabilities that the agency and the hacker group were aware of in January and Microsoft patched the systems by March. The exploits the group revealed Friday included Windows vulnerabilities as well as hacking tools apparently used by the NSA to monitor messages about financial transactions through the SWIFT telecommunications network for banking. Microsoft said that the patches have been fixed for anyone running Windows 7 and beyond - meaning that if you're a Windows XP holdout, you are still vulnerable.

The company also said it verified the exploits and discovered that nine were already been addressed by previously issued patches.

The news timing of the leak was awful for the security of Windows users, the reason being that this happened before the weekend and during the Easter holiday for many, thus making mitigation deployment rather slow.

The documents and files were released by a group calling themselves The Shadow Brokers. Considering that those hacking tools were a few years old, it's barely surprising to learn they don't really work anymore on newer OS versions.

The NSA penetrated a service bureau for SWIFT SWIFT is an worldwide financial messaging service used for transferring money between banks, and it possesses data useful for tracking how money flows around the world.

". customers running Windows 7 and more recent versions of Windows or Exchange 2010 and newer versions of Exchange are not at risk", the company said. The NSA is required to notify American companies when the agency finds zero-day vulnerabilities in their systems in order to give the companies a chance to protect their networks from attacks. "Customers still running prior versions of these products are encouraged to upgrade to a supported offering", Microsoft says.

Microsoft announced it has already patched vulnerabilities reported in Friday's high-profile leak of suspected U.S. NSA spying tools.

Despite the indication that the NSA notified Microsoft of the vulnerabilities contained in the leaks, some technical experts expressed doubts that the NSA always follows this rule when necessary.

The US government has not commented on this leak, though previous leaks by the Shadow Brokers claiming to be NSA hacking tools were confirmed at least in part by affected vendors and NSA whistleblower Edward Snowden. The company revealed this on Friday after The Shadow Brokers released an entire set of NSA exploits online.

Like this: