Microsoft already fixed the 'Shadow Brokers' exploits on supported versions of Windows
Say what you want about Microsoft, but the company stays on top of security. Yeah, it may issue more patches and fixes for Windows compared to some other operating systems, but that doesn't necessarily mean the OS is less secure -- it could mean that the company is simply more proactive and transparent than others. Quite frankly, I'd rather get many patches than be lulled into a false sense of security.
When hacking group "Shadow Brokers" started leaking NSA-discovered exploits, many people were understandably worried. While the leaks would enable operating system makers to issue patches -- thereby making the OS more secure -- it also meant that before the fixes were issued, many computers would be at an increased risk. Luckily, when it comes to the recently leaked Windows exploits, Microsoft was already prepared -- currently supported versions of the operating system are not impacted.
"Today, Microsoft triaged a large release of exploits made publicly available by Shadow Brokers. Understandingly, customers have expressed concerns around the risk this disclosure potentially creates. Our engineers have investigated the disclosed exploits, and most of the exploits are already patched. Below is our update on the investigation," says Phillip Misner, Principal Security Group Manager, Microsoft Security Response Center.
Misner further says, "When a potential vulnerability is reported to Microsoft, either from an internal or external source, the Microsoft Security Response Center (MSRC) kicks off an immediate and thorough investigation. We work to swiftly validate the claim and make sure legitimate, unresolved vulnerabilities that put customers at risk are fixed. Once validated, engineering teams prioritize fixing the reported issue as soon as possible, taking into consideration the time to fix it across any impacted product or service, as well as versions, the potential threat to customers, and the likelihood of exploitation."
|"EternalBlue"||Addressed by MS17-010|
|"EmeraldThread"||Addressed by MS10-061|
|"EternalChampion"||Addressed by CVE-2017-0146 and CVE-2017-0147|
|"ErraticGopher"||Addressed prior to the release of Windows Vista|
|"EsikmoRoll"||Addressed by MS14-068|
|"EternalRomance"||Addressed by MS17-010|
|"EducatedScholar"||Addressed by MS09-050|
|"EternalSynergy"||Addressed by MS17-010|
|"EclipsedWing"||Addressed by MS08-067|
Microsoft explains that it fixed the above Shadow Brokers leaked exploits using the corresponding solution. The ones not listed ("EnglishmanDentist", "EsteemAudit", and "ExplodingCan") don't affect supported versions of the company's operating systems, such as Windows 7 and 10. In other words, if you are running Windows Vista or below, you should move to a newer version ASAP.
Are you impressed that Microsoft was already on top of these exploits? Tell me your thoughts in the comments below.