{"id":507657,"date":"2017-04-17T06:32:00","date_gmt":"2017-04-17T04:32:00","guid":{"rendered":"http:\/\/nhub.news\/?p=507657"},"modified":"2017-04-17T17:21:20","modified_gmt":"2017-04-17T15:21:20","slug":"microsoft-past-patches-address-leaked-nsa-exploits","status":"publish","type":"post","link":"http:\/\/nhub.news\/de\/2017\/04\/microsoft-past-patches-address-leaked-nsa-exploits\/","title":{"rendered":"Microsoft: Past patches address leaked NSA exploits"},"content":{"rendered":"

The patches — one of which was issued last month — address the exploits found in the Shadow Brokers leak<\/b>
Microsoft said it has already patched vulnerabilities revealed in Friday\u2019s high-profile leak of suspected U. S. National Security Agency spying tools, meaning customers should be protected if they\u2019ve kept their software up-to-date.
Friday\u2019s leak caused concern in the security community. The spying tools include about 20 exploits designed to hack into old versions of Windows, such as Windows XP and Windows Server 2008.
However, Microsoft said several patches — one of which was made only last month — address the vulnerabilities.
\u201cOur engineers have investigated the disclosed exploits, and most of the exploits are already patched,\u201d the company said in a blog post late on Friday.
Three of the exploits found in the leak have not been patched but do not work on platforms that Microsoft currently supports, such as Window 7 or later and Exchange 2010 or later.
\u201cCustomers still running prior versions of these products are encouraged to upgrade to a supported offering,\u201d the company said.
Matthew Hickey, director of security firm Hacker House, has looked over the leaks and agrees with Microsoft\u2019s assessment.
He advises that businesses, which often delay patches for operational purposes, move quickly to install the Microsoft fixes to mission critical servers. Hickey demonstrated in a video that one of the exploits in the leak can easily trigger remote code execution in a machine running Windows Server 2008 R2 SP1.
The patch, MS17-010 , addresses the exploit. Microsoft issued the fix last month, but it\u2019s unclear how the company learned of the security issue.
\u201cMicrosoft doesn’t credit anyone for the report behind the March patch,\u201d tweeted former NSA contractor Edward Snowden. He wonders whether the NSA tipped off Microsoft.
Friday\u2019s high-profile leak was the latest disclosure from a mysterious group known as the Shadow Brokers. The group has been posting files suspected to originate from the NSA since last August.
Security experts say Friday’s disclosure is probably another blow to the U. S. spy agency. The Shadow Brokers have also warned they have more files to release.<\/p>\n

\n
Similarity rank: 1<\/div>\n<\/div>\n