Past patches address leaked NSA exploits
- Author: Arturo Norris, Apr 25, 2017, 16:03
The US National Security Agency used unpatched firewall and Windows flaws to access the systems of service providers linked to the SWIFT global money-transfer network, according to files and documents published on Friday.
Nine exploits released by the Shadow Brokers have already been patched, while three others only affected users running older, unsupported versions of the Windows operating system, said principal security group manager Phillip Misner on Microsoft's TechNet IT portal.
Microsoft on Friday said it had patched most of the Windows vulnerabilities purportedly exploited by the National Security Agency (NSA) using tools that were leaked last week. It is possible that Microsoft was privately contacted by someone within the NSA who was aware that Shadow Brokers was going to leak the exploits. "Our engineers have investigated the disclosed exploits, and most of the exploits are already patched". While computers running up-to-date versions of Windows aren't at risk from these exploits, many machines still run Windows XP, which Microsoft no longer supports, and these machines are vulnerable. "In the future, rather than hoard this information, the CIA and other intelligence agencies should commit to responsibly disclosing vulnerabilities it discovers to the private sector so that security holes can be patched". They also stated that the hacking tools from "Shadow Brokers" are several years old.
Of the three remaining exploits, "EnglishmanDentist", "EsteemAudit", and "ExplodingCan", none reproduces on supported platforms, which means that customers running Windows 7 and more recent versions of Windows or Exchange 2010 and newer versions of Exchange are not at risk.
"We encourage customers to ensure their computers are up-to-date", Misner wrote in the post.
Since the release of the blog post, security researchers have been speculating about why Microsoft mitigated these specific attacks a full month before they were published online, Ars Technica reported. The exploits the group revealed Friday included Windows vulnerabilities as well as hacking tools apparently used by the NSA to monitor messages about financial transactions through the SWIFT telecommunications network for banking. Remember the February Patch Tuesday delay that was possibly the first time ever Microsoft didn't send security updates? Microsoft hasn't specified how it identified the issues and managed to fix them all before the flaws reached the Internet. The mistake has led many in the industry to rethink how they test leaked exploits.
Friday's high-profile leak was the latest disclosure from a mysterious group known as the Shadow Brokers. "If you didn't yet, you should upgrade your OS to Windows 10 ASAP".
Microsoft said four of the 12 vulnerabilities had been patched in a regular monthly update in March, with another five patched in earlier updates. "We may not list an acknowledgement for reasons including reports from employees, requests for non-attribution, or if the finder doesn't follow coordinated vulnerability disclosure", the company said in response.