After a month-long delay of Windows 10 security patches raised suspicions back in February, Microsoft appears to have silently fixed some Windows vulnerabilities that the NSA and potentially “The Shadow Brokers” hacking group were exploiting. The company revealed this on Friday after The Shadow Brokers released an entire set of NSA exploits online.
Shadow Brokers And The NSA
Back in August 2016, the Shadow Brokers hacking group claimed to have all the exploit tools used by the “Equation Group,” which was previously linked to the NSA and thought to be the creators of sophisticated malware such as Stuxnet, Duqu, and Flame.
Since then, the group released some of the vulnerabilities, but it kept most of them to itself to make them available for auctions. In January of this year, the group announced another auction for Windows exploits. The exploits it released on Friday seem to match the ones the group tried to sell in January.
Some of the Windows vulnerabilities that were enabling the exploits seemed quite serious, such as remote code execution bugs. One tool called “FUZZBUNCH” seems to have allowed NSA’s Equation Group agents to more easily infect vulnerable Windows computers remotely by automating the malware deployment process.
Microsoft Reacts To Shadow Brokers’ Release
Later on Friday, Microsoft published a blog post in which it revealed that most of the vulnerabilities mentioned in The Shadow Brokers’ leak were fixed in a March 14 update.
This seems to have raised some questions about whether or not the NSA informed Microsoft about the exploits The Shadow Brokers were auctioning. Considering these were NSA’s exploit tools in the first place, that meansthe intelligence agency could have alerted Microsoft about the vulnerabilities last year, if it had wanted to do so.
Microsoft claimed that no individual or agency has been in contact about The Shadow Brokers’ exploit tools. This would normally mean either that Microsoft somehow found (or purchased) all the vulnerabilities The Shadow Brokers were auctioning off, or perhaps that someone anonymously alerted Microsoft about the bugs.
We may never know how exactly Microsoft found out about the vulnerabilities, but we do know that Microsoft’s February omission of security updates was highly out of the ordinary. However, the company has mostly kept quiet about that, too, also choosing to silently release the following March 14 updates without any explanation for why users were denied the February security patches.
The good news is that all the serious bugs owned by both the Shadow Brokers and the NSA’s top hacking group have been fixed. Therefore, even though the bugs were made public by the hacking group, they can’t be used against you anymore. One caveat here is that you have to have at least the March 14 Windows updates installed; otherwise you would be vulnerable.