Windows consumers woke up on Saturday to some good news: Microsoft says it has already patched a series of potentially catastrophic hacks, published on Good Friday by the hacker group known as the Shadow Brokers.
The hacks amounted to vulnerabilities in Microsoft software that let intruders take over machines running Windows software. The vulnerabilities had been discovered and used by the NSA, but the Shadow Brokers (a group widely believed to be a front for the Russian government) stole the NSA files, and has been publishing them in a series of blog posts.
The Good Friday disclosure set off major alarms from people in the security community, who warned that amateur hackers across the world could use them to spread havoc, creating a “Microsoft apocalypse.” But Microsoft, which initially stated only that it was investigating the matter, added on late Friday night that it already patched most of the vulnerabilities.
“Today, Microsoft triaged a large release of exploits made publicly available by Shadow Brokers. Understandingly, customers have expressed concerns around the risk this disclosure potentially creates. Our engineers have investigated the disclosed exploits, and most of the exploits are already patched.”
The company added that some of the older versions of Windows, such as Vista, might be still exposed since Microsoft no longer maintains those versions.
The episode has raised questions about the behavior of the NSA, and whether it did enough to warn people that its Microsoft hacking tools had been stolen and could be published.
A Twitter account read by many in the cyber-security community, however, reported on Saturday that the NSA did warn Microsoft last month, allowing the company to patch the vulnerabilities in time. The account, known as @SwiftonSecurity, also said the uproar among security professionals on Friday occurred because Microsoft did not include the patches among its most recent test software—meaning the Shadow Brokers hacking tools worked in test situations:
It appears Microsoft received a private warning from the NSA, which they have to publicly deny receiving. They patched them last month.
— SwiftOnSecurity (@SwiftOnSecurity) April 15, 2017
Because there was no indication Microsoft patched these bugs, researcher systems did not include last month's patches, so they still worked.
— SwiftOnSecurity (@SwiftOnSecurity) April 15, 2017
The bottom line is that the worst fears about the Good Friday Microsoft hacks did not come to pass. But the episode brings new attention to the fragile nature of popular software programs, and the way in which they are exploited by spy agencies and others.