Microsoft Confirms NSA Hacking Loophole Patched in Windows

However, Microsoft said several patches one of which was made only last month address the vulnerabilities. Security researchers initially feared that the release of information about these insecurities would lead to spike in hack while Microsoft scrambled to patch the problems after the disclosure.

Hacking group “Shadow Brokers” released a series of documents on Friday suggesting that the NSA had hacked into EastNets, which acts as a service bureau for the global Swift transaction system for financial institutions in Middle East.

Experts believe the hacker group behind the leak, “Shadow Brokers”, is connected with Russian government.

“Our  engineers have investigated the disclosed exploits, and most of the exploits are already patched”, the company said in a blog post late on Friday.

Microsoft did not immediately respond to a request for comment.

Friday’s disclosure is likely to add concerns about the security of the SWIFT network, following on from a major theft of funds from Bangladesh’s central Bank in February of previous year that involved fraudulent SWIFT transfers.

But the organisation said that the local messaging system of some SWIFT client banks had been breached.

A hacking group has dumped a collection of spy tools allegedly used by the National Security Agency online. ASA stands for Adaptive Security Appliance and is combined firewall, antivirus, intrusion prevention and virtual private network, or VPN.

Microsoft had already fixed a number of Windows security vulnerabilities before they were revealed last week by the ‘Shadow Brokers’ – a group that has released several leaks about the inner workings of the NSA. Suiche noted EasyNets ran Windows Server 2008 R2 which could be exploited with the FUZZBUNCH hacking tools framework.

Misner listed nine exploits included in the Shadow Broker’s dump, and named the security updates that patched the vulnerabilities each exploit leveraged. The most recent fix was sent out in March, 2017, about a month before the revelations.

Microsoft said three exploits don’t reproduce on “supported platforms’ meaning people should upgrade to Windows 7 or a newer version.

Zero-day exploits for Microsoft software. The company’s security system are capable of detecting attacks against customers, and Microsoft in the past has monitored discussion about exploits on the Internet and also hired former  intelligence agency veterans to help it devise programming to protect its software from encroachment

EastNets has said it has found no evidence its system were compromised.

 

Leave a Reply