Microsoft quietly patched Shadow Brokers' hacking tools

But the company won't say who the source of the vulnerability was, and that's a problem.
Written by Zack Whittaker, Contributor

Microsoft has confirmed that most of the NSA's hacking tools designed to target Windows published earlier this week have been patched.

A spokesperson said in an email in the middle of the night that the company has "investigated and confirmed that the exploits disclosed by the Shadow Brokers have already been addressed by previous updates to our supported products."

The company followed in a late-night blog post noting that nine of the disclosed exploits were patched as recently as March (which may have led to the unprecedented delay in releasing February's monthly round of fixes). Meanwhile, three other exploits weren't able to be reproduced on supported platforms and didn't require patches.

Those exploits could have allowed an attacker to compromise affected computers on a range of Windows versions.

Microsoft isn't expected to fix some of the bugs as they affect versions of Windows that are no longer supported. (In other words, if you're still running an aged version of Windows, now might be a good time to upgrade.)

This entire saga all started Friday after a hacker group known as the Shadow Brokers released tools designed to target Windows PCs and servers, along with presentations and files purporting to detail the agency's methods of carrying out clandestine surveillance.

Some of the tools appeared to target the SWIFT banking system, according to classified documents found in the cache.

Security researchers spent most of the day trying to figure out how the various exploits worked by testing the exploits in various virtual machines in their respective labs.

Some of those claims were rolled back, because Microsoft's lack of transparency on the details of the patches at the time of testing. Security commentator SwiftOnSecurity explained the situation fairly, saying their initial assessments were made "because there was no indication Microsoft patched these bugs, researcher systems did not include last month's patches, so they still worked."

Though patches have been rolled out, questions remain about the disclosure process.

Microsoft, and other companies, regularly receive disclosure reports from security researchers, and almost always acknowledge their work in a separate note.

But even though Microsoft had patched the flaws, the company didn't say what the source of the vulnerability report was -- a practice so uncommon that it almost never happens. Renown security researcher The Grugq in a tweet. He suggested that the NSA had been in contact directly about the vulnerabilities, which it lost control of when the Shadow Brokers obtained a copy of the agency's hacking toolkit, and knew which exploits were at risk as early as January.

The government and its agencies more often receive public acknowledgement for their disclosures when they report flaws.

Microsoft said on Friday that, "other than reporters, no individual or organization has contacted us in relation to the materials released by Shadow Brokers."

A spokesperson clarified that the company "may not list an acknowledgement for reasons including reports from employees, requests for non-attribution, or if the finder doesn't follow coordinated vulnerability disclosure."

Editorial standards