HomeWinBuzzer NewsMicrosoft Already Patched Stolen NSA Windows Exploit

Microsoft Already Patched Stolen NSA Windows Exploit

All supported versions of Windows are patched against an NSA created exploit that was stolen and then published by hacking group Shadow Brokers.

-

Plenty of users would have been concerned over the weekend. It emerged that a hacker group called “Shadow Brokers” published numerous that affect the Windows OS. The group also released information that the exploits had been created by the NSA. More worrying, the tools had then been stolen for the government agency.

Naturally, organizations and individuals running Windows were left concerned that they had been breached. has eased some of that concern today with confirmation that it has already patched Windows to stop these exploits.

The Shadow Brokers released tools that are years old. Microsoft says that the exploits do not affect Windows 10, which has been patched. The company adds that all versions of the OS that it currently supports are also patched.

This means Windows 7 (currently in extended 5-year support) and Windows 8.1 are definitely secured. Windows XP has left support, so it is not patched, while Windows Vista left support last week, so perhaps it was fixed in time.

If anything, situations like this show that Microsoft's instance that customers upgrade to newer builds is important. XP is still widely used by millions of enterprise users, but it is wide open to exploits such as this.

Of course, the most worrying aspect of this whole episode is that the US government has the ability to create and then lose such exploits. The good news is, Microsoft somehow found out about the exploits before they were made public.

Making a Fix

“When a potential vulnerability is reported to Microsoft, either from an internal or external source, the Microsoft Security Response Center (MSRC) kicks off an immediate and thorough investigation,” the company says.

“We work to swiftly validate the claim and make sure legitimate, unresolved vulnerabilities that put customers at risk are fixed. Once validated, engineering teams prioritize fixing the reported issue as soon as possible, taking into consideration the time to fix it across any impacted product or service, as well as versions, the potential threat to customers, and the likelihood of exploitation.”

Some researchers point out that Microsoft has patched using a different naming method for reports. This could mean that the company was tipped off by either the NSA or indeed the hacking group.

SourceMicrosoft
Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News

Mastodon