Yesterday, the computer security industry woke up to the news that a hacker group known as “Shadow Brokers” had released a handful of exploits for Windows operating systems, along with details about how these tools had been created by and stolen from the NSA. While alarms are ringing about the US government’s ability to hack consumer PCs, Microsoft has fortunately come forward to clarify that Windows has already been patched to prevent use of these exploits.
It turns out that the hacking tools released by Shadow Brokers were all several years old, and Microsoft states that not just Windows 10 has been patched, but all versions of the operating system that are currently supported. That doesn’t mean much for users still clinging to Windows XP or Vista, as they are no longer receiving security updates, but this situation just emphasizes the need to upgrade to a newer OS.
For now, it’s not exactly clear how Microsoft found out about these exploits or who tipped them off. In a statement to Reuters, the company says “Other than reporters, no individual or organization has contacted us in relation to the materials released by Shadow Brokers,” indicating that the NSA itself made no attempt to warn Microsoft.
However, security researcher @thegrugq has pointed out that the patch MS17-010 broke Microsoft’s pattern of acknowledgements for sources of security exploits, with no names given for submitted reports. This could suggest that the NSA, or even individuals from another hacking group, may have given Microsoft the heads up.
NOTE: You’ll find a list of software patches listed by Microsoft, along with the keyword EternalBlue. You’ll find EternalBlue appear in the future as a key point in history – where it was apparent that the NSA’s failure to report Windows flaws to Microsoft would result in situations well beyond their control.