The National Security Agency notified Microsoft about the vulnerabilities that the agency and the hacker group were aware of in January and Microsoft patched the systems by March.
If documents released by the hack are authentic, it would show that the NSA has compromised a Dubai-based firm that routes bank transfers between countries.
The outstanding question at this point is who tipped off Microsoft of these exploits that were magically patched before Shadow Broker released their wares? That means that concerned customers should be protected if and only if they've kept their software, as well as Windows version, up-to-date.
The Windows flaws were disclosed by the hacking gang Shadow Brokers in a large data dump earlier Friday. It wasn't able to reproduce three of the mentioned exploits on supported platforms so they don't require patches.
Since emerging last summer, the Shadow Brokers organization has published five leaks of zero-days and other vulnerabilities it claims to have taken from the NSA.
Family members mourn the death of Facebook shooting victim
Cleveland police said Steve Stephens broadcast the fatal shooting and they are working to verify his claim of killing others. The suspect, identified by police as Steve Stephens , is described as 6-foot-1, 244 pounds and bald with a full beard.
Banks use the SWIFT messaging system to transfer trillions of dollars every day, and if the documents released are accurate, it appears the NSA wanted access to monitor transfers between banks in the Middle East.
Originally Shadow Brokers tried to auction the vulnerabilities and the tools that were used to exploit them, but there were no takers.
For now, make sure your machine is updated with the latest patches and you will have little to worry about but this latest round of exploits reminds us that modern software is complex, security is hard, and being vigilant in patching does have its rewards. Customers still running prior versions of these products are encouraged to upgrade to a supported offering'. Three of the NSA exploits, which Microsoft indexes as MS17-010, CVE-2017-0146, and CVE-2017-0147, have not been patched but do not work on programs that Microsoft now supports, according to Ars Technica. "In the future, rather than hoard this information, the CIA and other intelligence agencies should commit to responsibly disclosing vulnerabilities it discovers to the private sector so that security holes can be patched".
Previous updates protect customers from the vulnerabilities listed in the dump, the company said.
"If Shadow Brokers' claims are indeed verified, it seems that the NSA sought to totally capture the backbone of [the] worldwide financial system to have a God's eye [view] into a Swift Service Bureau - and potentially the entire Swift network", blogged security researcher Matt Suiche after the latest leak.
Comments