Microsoft says users are protected from alleged NSA malware

On Friday, the Shadow Brokers released a number of what it said were NSA exploits for many versions of Windows and also details of what were said to be NSA intrusions into the SWIFT banking system.

Although some records bear NSA seals, their authenticity has yet to be confirmed. In January of this year, the group announced another auction for Windows exploits.

Some of the Windows vulnerabilities underlying the exploits appeared quite serious, such as remote code execution bugs. The NSA has not yet commented on the leak.

Microsoft researchers were working late into the night on the Friday before this holiday weekend to address yesterday's Shadow Brokers dump of Windows exploits.

Coverage for the exploits and tools disclosed by the Shadow Brokers is available through Cisco's security products, services, and open source technologies. Trillions of dollars are transferred through SWIFT every day, with over 11,000 banks and securities organizations in over 200 countries using the network.

The exploits targeted vulnerabilities in Microsoft software that let intruders take over machines running Windows.

"Customers running Windows 7 and more recent versions of Windows or Exchange 2010 and newer versions of Exchange are not at risk", the company said. Microsoft (MSFT.O) stopped releasing routine security updates for Windows XP in 2014, but some businesses and individual users continue to use Windows XP.


Those exploits could have allowed an attacker to compromise affected computers on a range of Windows versions.

Besides a cache of potentially damaging zero-day exploits against many versions of Windows, another element of today's Shadow Brokers release is a folder titled SWIFT.

"This isn't a data dump, this is a damn Microsoft apocalypse", tweeted a security researcher who goes by the name Hacker Fantastic. Among the issues Microsoft patched this year is a trio of attacks against Microsoft's SMB Server known as EternalBlue, EternalRomance and EternalSynergy, which were fixed in March 2017.

Due to the detailed description of service bureau infrastructure in the Shadow Brokers documents, Suiche believes the leak could be harmful to the SWIFT network.

Microsoft said in a statement to the BBC that it was "reviewing the report and will take the necessary actions to protect our customers". Belgium-based SWIFT on Friday downplayed the risk of attacks employing the code released by hackers and said it had no evidence that the main SWIFT network had ever been accessed without authorization.

The fact that Microsoft had previously patched some of the newly exposed vulnerabilities has gained particular attention, since it would appear that someone may have tipped off the company about the security issues before the Shadow Brokers could leak them.

  • Terrell Bush