Microsoft Says It Has Patched Leaked NSA Hacks

Adjust Comment Print

The company's security systems are capable of detecting attacks against customers, and Microsoft in the past has monitored discussion about exploits on the Internet and also hired former intelligence agency veterans to help it devise programming to protect its software from encroachment. Matthew closed out his email by noting that "Microsoft will need to release fixes for several of the ETERNAL exploits and customers should ensure they apply them as soon as available".

However, Microsoft said that most of these vulnerabilities were patched by previous updates as recently as March, according to a blog post published late Friday night by Philip Misner, principal security group manager at the Microsoft Security Response Center (MSRC).

The dump of Windows exploits - arguably affecting the most people and organizations and likely to cause the most damage and embarrassment to the intelligence agency - has been expected since the hacking group first emerged on the scene past year.

Friday's release, containing Windows hacking tools and evidence the NSA may have hacked a slew of banks in the Middle East, once again offered the tools for sale, suggesting the federal government pay them to stop leaking.

However in this case Microsoft engineers have acted quickly and in the shortest possible time they made a patch for such exploit leakage which is potentially unsafe to users of their systems.

As Marcy Wheeler of emptywheel points out, the NSA had at least 96 days to warn Microsoft about the extent of the leaks. The releases are published with odd and misspelled blog posts. This is not the first time the Shadow Brokers have targeted the NSA.

But Beaumont said that some of the tools he examined "may be" previously undisclosed, but they have yet "to be confirmed".

Trump seems to rule out further intervention in Syria
President Donald Trump , speaking at an event in the White House, said he was not surprised by China's abstention. Tillerson is considering the request, he said, "and we expect that Washington will have a constructive reaction".

This meant that "customers running Windows 7 and more recent versions of Windows or Exchange 2010 and newer versions of Exchange are not at risk".

Security researchers say the group's latest leak is the most damaging one to date.

"Other than reporters, no individual or organisation has contacted us in relation to the materials released by Shadow Brokers", the company said. It is said that nearly all versions of Microsoft Windows out there are vulnerable to these tools.

Former CIA whistleblower Edward Snowden described the NSA's hack as the "Mother Of All Exploits", in reference to the massive United States bomb dropped last week on Afghanistan.

"The reports of an alleged hacker-compromised EastNets Service Bureau network is totally false and unfounded", it said. There has also been speculation that Microsoft may have paid the Shadow Brokers to obtain knowledge of the exploits. On Friday, a hacking group referred to as the "Shadow Brokers" revealed a number of programs that could potentially be used to attack different versions of Windows operating systems.

The company has checked its servers and found no compromise or any vulnerabilities.

Comments