The company confirmed to ZDNet that it had reversed course on releasing patches for the exploits, which Microsoft said earlier this year only affect older operating systems that have since been retired, notably Windows XP and Windows Server 2003.
Microsoft patched the vulnerabilities in all supported versions of Windows in the April update, but left three exploits remaining. The company said that the flaws only affected older versions of Windows, and users should upgrade.
"These vulnerabilities are quite serious and still widespread, even with the affected systems having been 'out of service' for some time," said Sean Dillon, senior security analyst for cybersecurity firm RiskSense, in an email.
"Independent discovery for some of the fixed vulnerabilities occurred before the Shadow Brokers leak, indicating researchers and malware authors are still interested in finding problems in legacy versions of Microsoft products. While releasing the patch should be considered the correct proactive approach from Microsoft given current events, there's no indication that the practice will continue," he added.
He said that potentially "hundreds of thousands, and potentially millions" of vulnerable systems face an "imminent" threat of exploitation.
"The greatest threat is not necessarily ransomware. Installation of stealthier malware, such as banking spyware and key-loggers, as well as exfiltration of intellectual property or classified information, is a huge risk if an attacker is able to breach into the internal network and install back-doors," he added.
"Organizations should look at the patches released today as a temporary solution and continue to upgrade legacy systems to supported versions."
Microsoft said that the decision to patch the flaws was a "rare move," adding that it "should not be viewed as a departure from our standard servicing policies."
"Based on an assessment of the current threat landscape by our security engineers, we made the decision to make updates available more broadly," the company said, but urged users of older operating systems to upgrade as soon as possible.
"The move by Microsoft to patch these vulnerabilities will be read by many as a signal that there is no real need to update their legacy operating systems," said Jake Williams, founder of Rendition Infosec, a security consultancy group.
"This is the third time Microsoft has updated legacy operating systems (XP) to reduce exposure to vulnerabilities being exploited in the wild. Given that Microsoft has never left legacy operating systems exposed to a widely exploited vulnerability, organizations can conclude this behavior will likely continue in the future," he said.
"But newer versions of the operating system have many built-in exploit mitigations that make the attacker's job dramatically more difficult, even when exploiting a known vulnerability," he added.
Microsoft did not outright say that the NSA was behind the exploits targeting Microsoft operating systems, but did confirm in a blog post that the hacking tools were the result of "nation-state activity."