Microsoft mysteriously fixed security gaps allegedly used by US spies a month before they leaked

Taking problem solving to a whole new level.
Image: Reuters/Dado Ruvic

On Friday, a cache of hacking tools allegedly developed by the US National Security Agency was dumped online.

The news was explosive in the digital security community because the tools contained methods to hack computers running Windows, meaning millions of machines could be at risk. Security experts who tested the tools, leaked by a group called the Shadow Brokers, found that they worked. They were panicked.

But just hours later, Microsoft announced that many of the vulnerabilities were addressed in a security update released a month ago.

“Today, Microsoft triaged a large release of exploits made publicly available by Shadow Brokers,” Philip Misner, a Microsoft executive in charge of security, wrote in a blog post. “Our engineers have investigated the disclosed exploits, and most of the exploits are already patched.”

Misner’s post showed that three of nine vulnerabilities from the leak were fixed in a March 14 security update (bulletin MS17-010). Security commentators were bamboozled. As Ars Technica pointed out, when security holes are discovered, the individual or organization that found them is usually credited in the notes explaining the update. No such acknowledgment was found in the March 14 update. Here’s a list of acknowledgments for 2017, showing credit for finding security problems in almost every update.

One theory among security practitioners is that the NSA itself reported the vulnerabilities to Microsoft, knowing that the tools would be dumped publicly. Microsoft told ZDNet that it might not list individuals who discover flaws for a number of reasons, including by request from the discoverer.

The US government has not commented on this leak, though previous leaks by the Shadow Brokers claiming to be NSA hacking tools were confirmed at least in part by affected vendors and NSA whistleblower Edward Snowden.

The other big revelation from the Shadow Brokers dump is the claim that the NSA infiltrated the SWIFT banking network through a firm called EastNets in Dubai. EastNets has said it has found no evidence its systems were compromised. The Shadow Brokers’ leak suggests that the NSA has “implanted” malware in 16 Middle Eastern banks and other financial firms to collect data. Such a setup could have allowed the NSA to secretly monitor money flows in the region, Wired reported.

For ordinary internet users, it can be hard to decide between heaving a sigh of relief that the security holes have been filled, or feeling even more paranoid that these holes existed in the first place.