Microsoft Patches Shadow Brokers Exploits, Updates Privacy Controls

The hacking group Shadow Brokers last week revealed a large number of Windows vulnerabilities it claims to have stolen from the National Security Agency (NSA), but Microsoft said Friday that it has already patched most of them. The company has also rolled out new privacy settings through its recent Creators Update.

Nine exploits released by the Shadow Brokers have already been patched, while three others only affected users running older, unsupported versions of the Windows operating system, said principal security group manager Phillip Misner on Microsoft's TechNet IT portal. Misner said anyone with those older versions should upgrade their systems to avoid the vulnerabilities.

Since emerging last summer, the Shadow Brokers organization has published five leaks of zero-days and other vulnerabilities it claims to have taken from the NSA. The exploits the group revealed Friday included Windows vulnerabilities as well as hacking tools apparently used by the NSA to monitor messages about financial transactions through the SWIFT telecommunications network for banking.

'Lost in Translation' Leak

Described as the "Lost in Translation" leak, the Shadow Brokers' latest release has been called the group's most damaging dump to date by some news sources. The leak reportedly included "mentions of previously disclosed NSA top secret programs and software," according to Motherboard. The leak also included a tool that appeared to be linked to the Stuxnet computer worm that caused extensive damage to Iran's nuclear facilities in 2010.

The SWIFT-focused hacking tools included in last week's leak indicate "the U.S. National Security Agency had accessed the SWIFT interbank messaging system, allowing it to monitor money flows among some Middle Eastern and Latin American banks," Reuters reported on Friday. Misner noted on the TechNet site that Microsoft has already patched many of the Windows exploits revealed in the leak.

"Of the three remaining exploits, 'EnglishmanDentist', 'EsteemAudit', and...

Comments are closed.