NSA Hacks: Microsoft Reinforced Defects Left Wide-Open By Leak

Wednesday, 19 Apr, 2017

Last summer the group auctioned off a number of NSA exploits.

The tools are said to have been created by the US National Security Agency (NSA), and accompanying documents appear to indicate a possible breach of the SWIFT global banking system.

"Today, Microsoft triaged a large release of exploits made publicly available by Shadow Brokers", Philip Misner, a Microsoft executive in charge of security, wrote in a blog post.

According to another report in Fortune, the group - believed to be tied to the Russian government - also released a set of confidential hacking tools used by U.S. intelligence organisation the NSA to exploit vulnerabilities in Microsoft Windows software.

Security researchers have taken to social media sites to speculate on the circumstances that led to Microsoft killing all four of the would-be zero-days one month before they were published on the Internet. Reports show the exploits attacked the SWIFT messaging system, which transfers billions in national currencies every day. One such researcher, Matthew Hickey (known as "Hacker Fantastic"), later noted that his tests had been run on a fresh install of Windows - in other words, one that was missing March's patches - and as a result he later discounted them.

An exploit for the SMBv1 protocol that Microsoft patched last week, in April 2017's Patch Tuesday. Cisco Systems Inc has previously acknowledged that its firewalls had been vulnerable. Belgium-based SWIFT on Friday downplayed the risk of attacks employing the code released by hackers and said it had no evidence that the main SWIFT network had ever been accessed without authorization. There has also been speculation that Microsoft may have paid the Shadow Brokers to obtain knowledge of the exploits. Some of the records bear NSA seals, but Reuters could not confirm their authenticity. ASA stands for Adaptive Security Appliance and is a combined firewall, antivirus, intrusion prevention and virtual private network, or VPN.

Some of the exploits allegedly used by the NSA relied on vulnerabilities in older, unsupported SKUs (stock keeping units) of Windows Server, according to Matt Suiche, founder of the security firm Comae, who named Windows 2003 specifically. The most recent fix was sent out in March 2017, about a month before the revelations.

Beaumont said there was bad news in the release for Microsoft as well.

Without any explanation from Microsoft, the incident has forced reconsideration of how this kind of exploit is handled.

"Customers still running prior versions of these products are encouraged to upgrade to a supported offering", the company said.

NSA whistleblower Edward Snowden even chimed in on the claims that EastNets wasn't compromised, with EastNets' official Twitter account responding to the situation by tweeting "No credibility to the online claim of a compromise of EastNets customer information on its SWIFT service bureau".

"Eastnets' claim is impossible to believe", said Kevin Beaumont, who was one of several experts who spent Friday combing through the documents and trying out the code.