Microsoft says users are protected from alleged NSA malware

16 Apr


Up-to-date Microsoft customers are safe from the purported National Security Agency spying tools dumped online, the software company said Saturday, tamping down fears that the digital arsenal was poised to wreak havoc across the internet .

In a blog post, Microsoft Corp. security manager Phillip Misner said that the software giant had already built defenses against nine of the 12 tools disclosed by the Shadow Brokers, a mysterious group that has repeatedly published NSA code. The three others affected old, unsupported products.

“Most of the exploits are already patched,” Misner said.

The post knocked back warnings from some researchers that the digital espionage toolkit made public by the Shadow Brokers took advantage of undisclosed vulnerabilities in Microsoft’s code. That would have been a potentially damaging development because such tools could swiftly be re-purposed to strike across the company’s massive customer base.

Those fears appear to have been prompted by experts using even slightly out-of-date versions of Windows in their labs. One of Microsoft’s fixes, also called a patch, was only released last month .

“I missed the patch,” said British security architect Kevin Beaumont, jokingly adding, “I’m thinking about going to live in the woods now.”

Beaumont wasn’t alone. Matthew Hickey, of cybersecurity firm Hacker House, also ran the code against earlier versions of Windows on Friday. But he noted that many organizations put patches off, meaning “many servers will still be affected by these flaws.”

Everyone involved recommended keeping up with software updates.

No comments yet

Leave a Reply