Microsoft Fixed The Shadow Brokers' Bugs In Silent March Update
- Author: Carolyn Briggs, Apr 18, 2017, 6:20
The release of these exploits, which the group claims were taken from the National Security Agency (NSA), begs the question: Did the NSA tell Microsoft about what could be targeted after the agency's own hacking tools were stolen?
"Our engineers have investigated the disclosed exploits, and most of the exploits are already patched," said Microsoft in a blog post last Friday. Microsoft typically reveals who reported various security flaws, but one researcher noticed that the company issued patches with the MS17-010 update last month, fixing some of the newly revealed NSA exploits, without noting any source for the flaw reports.
The documents posted by the Shadow Brokers include Excel files listing computers on a service bureau network, user names, passwords and other data, Suiche said.
"This is not a drill: NSA exploits affecting many fully-patched Windows systems have been released to the wild".
The Shadow Brokers, which startled security experts last year by releasing some of the NSA's hacking tools, has resumed pouring secrets into the public domain, this time by publishing purported details of the NSA's operations against banks across the Arab world.
"Customers still running prior versions of these products are encouraged to upgrade to a supported offering", reads the blog.
Microsoft heard the outcry from consumers, PC security analysts, and privacy advocates warning about the implications.
The breach, which was carried out due to vulnerabilities in older versions of Microsoft Windows software, allowed NSA spies to monitor money flows among some Middle Eastern and Latin American banks. But Microsoft released a statement saying it had analyzed the malware and that most of the vulnerabilities had already been patched, years ago in some cases and as recently as March.
Security researcher Kevin Beaumont, who examined the exploit, said in a tweet that the tool was "very well" built.
There has also been speculation that Microsoft may have paid the Shadow Brokers to obtain knowledge of the exploits.
The exact timing of when software companies get apprised of vulnerabilities is an important concern because of what it says about the effectiveness of the U.S. Vulnerability Equities Process (VEP). Suiche noted EastNets ran Windows Server 2008 R2, which could be exploited with the FUZZBUNCH hacking tools framework.
"Based on the information contained in the data dump, the NSA has been able to compromise SWIFT banking systems, presumably as a way to monitor, if not disrupt, financial transactions to terrorist groups".
Security expert Matthew Hickey, co-founder and director of cybersecurity firm Hacker House, is particularly troubled by the leaks and their scope.