Microsoft says all vulnerabilities to its modern operating systems have been patched after a group of hackers released Friday what they claim to be documents detailing the surveillance tools used by the National Security Agency for its hacking program that can break into millions of Microsoft Windows computers.
In a Friday blog post, the company said it “triaged” the exploits revealed by the Shadow Brokers after customers reached out about security risks posed by the leak.
“Most of the exploits that were disclosed fall into vulnerabilities that are already patched in our supported products,” Microsoft said.
While modern products would seem to be in the clear, Microsoft said any computers running an OS older than Windows 7, including Windows Vista and XP which no longer receive patches, are still at risk. The company encouraged users with these older versions “to ensure their computers are up-to-date.”
The tools, revealed by the Shadow Brokers, are designed to hack into Microsoft Windows operating systems and some of the documents suggest that the agency used them to target the SWIFT banking system, a worldwide network of financial institutions. Specifically they appear to show the NSA targeted an office in Dubai for EastNets, and anti-money laundering and financial services firm.
Earlier in the day Friday, before Microsoft said the bugs had been addressed, hackers and cyber experts had been playing up the potential danger to Microsoft users posed by the leak as they parsed through the documents.
“It’s not safe to run an Internet-facing Windows box right now,” a hacker who used to work in the Defense Department told Motherboard. The unnamed hacker also said, “this is the worst thing since Snowden.”
Former NSA contractor Edward Snowden warned on Twitter that “this is not a drill.”
Snowden, who was granted asylum in Russia since 2013 after he leaked secret information from the NSA’s surveillance programs, tweeted that these NSA “exploits affecting many fully-patched Windows systems have been released to the wild. NSA did not warn Microsoft.”
Snowden mentioned that Microsoft “needs to take real action” in response to the leak, to which computer security researcher Matt Suiche, founder of UAE-based Comae Technologies, suggested that Microsoft may have been tipped off by “someone.”
On contrary, looks like Microsoft had been informed by “someone”, and purposely delayed last Patch Tuesdays to successfully deliver MS17-010 https://t.co/lbuKpolgYj
— Matthieu Suiche (@msuiche) April 15, 2017
