Microsoft: All security issues from NSA leaks patched in current software

Microsoft: All security issues from NSA leaks patched in current software
© Getty

Microsoft says all of the security flaws exposed in Friday's leak of National Security Agency (NSA) hacking tools were already fixed in supported versions of its software. 

In a late Friday blog post, a top Microsoft security figure lists the NSA hacking tools published Friday by the leakers known as "The Shadowbrokers," and notes the specific software update that patched each flaw that every individual tool exploited.

"Today, Microsoft triaged a large release of exploits made publicly available by ShadowBrokers. Understandingly, customers have expressed concerns around the risk this disclosure potentially creates," Phillip Misner, principal security group manager of the Microsoft Security Response Center, wrote in the corporate blog post.

The ShadowBrokers have been leaking NSA hacking tools since August. Until January, the group regularly posted source code paired with letters written in broken English offering to auction or sell the remaining archive of tools.

The ShadowBrokers resurfaced last week with a release of files it said were meant as a protest against President Trump abandoning the populism he campaigned on. Friday's release, containing Windows hacking tools and evidence the NSA may have hacked a slew of banks in the Middle East, once again offered the tools for sale, suggesting the federal government pay them to stop leaking.

The ShadowBrokers files were years old, but secret vulnerabilities can have a long shelf life. According to the blog, some of the security flaws the NSA tools took advantage were not patched until March.

Since Microsoft no longer issues patches for operating systems prior to Windows 7, some of the hacking tools will forever work on out-of-date computers, including those that run Windows Vista, Windows XP and other versions. 

"Customers still running prior versions of these products are encouraged to upgrade to a supported offering," reads the blog.

If Microsoft is correct that its software has been patched, the company sidesteps one of the grave concerns of ShadowBrokers-style leaks. In an earlier leak, the ShadowBrokers released still-working tools to bypass security hardware from Juniper Networks, Cisco and other manufacturers. That forced companies to scramble to patch tools hackers could easily download and use.