Microsoft says all of the security flaws exposed in Friday's leak of National Security Agency (NSA) hacking tools were already fixed in supported versions of its software.
In a late Friday blog post, a top Microsoft security figure lists the NSA hacking tools published Friday by the leakers known as "The Shadowbrokers," and notes the specific software update that patched each flaw that every individual tool exploited.
"Today, Microsoft triaged a large release of exploits made publicly available by ShadowBrokers. Understandingly, customers have expressed concerns around the risk this disclosure potentially creates," Phillip Misner, principal security group manager of the Microsoft Security Response Center, wrote in the corporate blog post.
The ShadowBrokers have been leaking NSA hacking tools since August. Until January, the group regularly posted source code paired with letters written in broken English offering to auction or sell the remaining archive of tools.
The ShadowBrokers files were years old, but secret vulnerabilities can have a long shelf life. According to the blog, some of the security flaws the NSA tools took advantage were not patched until March.
Since Microsoft no longer issues patches for operating systems prior to Windows 7, some of the hacking tools will forever work on out-of-date computers, including those that run Windows Vista, Windows XP and other versions.
"Customers still running prior versions of these products are encouraged to upgrade to a supported offering," reads the blog.
If Microsoft is correct that its software has been patched, the company sidesteps one of the grave concerns of ShadowBrokers-style leaks. In an earlier leak, the ShadowBrokers released still-working tools to bypass security hardware from Juniper Networks, Cisco and other manufacturers. That forced companies to scramble to patch tools hackers could easily download and use.