Microsoft says it's all patched up

Microsoft's "Patch Tuesday" is a cybersecurity ritual, but the company faced a potential off-day crisis when the Shadow Brokers chose Good Friday to release a trove of exploits of Microsoft products.

The latest Shadow Brokers release, "Lost in Translation," included a folder full of Windows exploits that cybersecurity experts initially characterized as the most devastating release of National Security Agency tools to date. @hackerfantastic referred to it on Twitter as a "Microsoft Apocalypse."

Microsoft, however, said that the potential damage had already been contained.

"Our engineers have investigated the disclosed exploits, and most of the exploits are already patched," the company said in a blog post.

"Of the three remaining exploits, 'EnglishmanDentist', 'EsteemAudit', and 'ExplodingCan', none reproduces on supported platforms, which means that customers running Windows 7 and more recent versions of Windows or Exchange 2010 and newer versions of Exchange are not at risk," Microsoft stated. "Customers still running prior versions of these products are encouraged to upgrade to a supported offering."

Microsoft told the Intercept and other outlets on April 14 that, "at this time, other than reporters, no individual or organization has contacted us in relation to the materials released by Shadow Brokers."

However, that statement does not preclude the possibility that Microsoft could have received a more general warning about exploits that did not specifically reference the Shadow Brokers. Microsoft declined to address any further questions from FCW on the subject.

A former senior intelligence official who spoke to FCW on condition of anonymity said that, hypothetically, something like the August 2016 announcement by the Shadow Brokers that they were in possession of stolen NSA tools would have triggered internal discussions about whether private vendors should be warned about vulnerabilities and potential exploits.

The former official stated that it is government policy not to confirm whether the stolen data belonged to the NSA, and he could not confirm or deny whether any outreach has taken place to warn vendors of vulnerabilities.

However, the source added that if a vendor had already patched a vulnerability, then the government's Vulnerabilities Equities Process would not require disclosure.

That means that while those who had updated their systems would be immune from an exploit, that tool could still be used by the government or anyone else against unpatched devices -- so the tools would still be of value. As has been the case with previous Shadow Brokers releases, the exploits and tools they claim to have stolen from the NSA are several years old, and in the case of the Microsoft exploits, they appear to have been rendered harmless by patches and updates over the years.

But as the former official said, government agencies and individuals have a poor track record of patching and updating, so while Microsoft might have done its part to inoculate against the Shadow Brokers' leak, there is no way to know how many devices remain vulnerable.

About the Author

Sean Carberry is a former FCW staff writer who focused on defense, cybersecurity and intelligence.

