This article was last updated 8 years ago

Microsoft

Yesterday, an elusive group of hackers, who go back by the name Shadow Brokers, released a massive dump of Windows exploits that were allegedly stolen from the NSA. The documents, which are at least a few years old, also include a bunch of slideshows that clearly illustrate the whole process of targeting banking systems, but Microsoft has finally chimed in.

Through an official blog post released on Saturday, the Redmond giant has confirmed that it has already patched most of the exploits and it is completely safe to use all supported versions of Windows. And this is not a statement to reassure the anxious populace as the company mentions that it has evaluated all of the exploits released in the dump.

The official statement from Phillip Misner, Principal Security Group Manager at Microsoft reads:

Microsoft triaged a large release of exploits made publicly available by Shadow Brokers. Our engineers have investigated the disclosed exploits, and most of the exploits are already patched. Below is our update on the investigation.

As Microsoft mention in the blog post, it has already patched most of the exploits released by the hacker group, which means you’re safe to use any version of Windows 7 and above. If you’re reading closely, the Redmond giant has reiterated that a supported version of Windows has no vulnerabilities detailed in the data dump. This means unsupported and older versions, such as Windows Vista or Windows XP are possibly still vulnerable to three exploits, which didn’t return any results for supported platforms.

[This] means that customers running Windows 7 and more recent versions of Windows or Exchange 2010 and newer versions of Exchange are not at risk. Customers still running prior versions of these products are encouraged to upgrade to a supported offering.

While Microsoft didn’t explicitly accept that these three exploits affect unsupported versions, it did suggest Windows users to update their systems to the latest offerings. And this would be a wise decision on your part because Redmond is highly unlikely to spend time on patching exploits in unsupported iterations of their product. They would decide it’s better to work on building new features for the upcoming major update for Windows 10, scheduled for later this year.

Microsoft’s response to the leaks comes several hours after Shadow Brokers’ dumped a treasure trove of alleged NSA-leaked data on the interwebs. This got security researchers across the globe extremely worried and some even suggested Windows users to just turn off their machines for the weekend (and maybe turn them on to fix the issues!? lol).And now, even though Redmond has confirmed that it has patched all exploits, they’re looking closely at four of the exploits which were patched just last month — via monthly update patch cycle.

And now, even though Redmond has confirmed that it has patched all exploits, they’re looking closely at four of the exploits which were patched just last month — through its monthly update cycle.

Also, as you might already be aware, Microsoft acknowledges the individuals or groups who help them weed out vulnerabilities in its system (even awards them via bug bounty programs) but one of the issues patched in March has no name attached to it. This has been sighted by Twitter user @thegrugq, who states no name is listed for the MS17-010 patch. Now, it could be sheer luck but someone did tip off Redmond about the flaws — which were fixed simultaneously, saying they could become public a couple odd months.

But, everything is now out of harm’s way. You can seamlessly enjoy your Windows experience (on supported platforms) without any fear.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.