Dive Brief:
- The hacker group known as Shadow Brokers released a large number of exploits targeting older Windows computers on Friday, but Microsoft quickly reassured customers that the majority of the exploits have already been patched, according to a Microsoft announcement Friday.
- Microsoft said the vulnerabilities for four would-be zeroday exploits were patched last month. Security experts, meanwhile, speculate that someone from the NSA gave Microsoft a heads-up that the exploits were coming, as the timing is a bit coincidental, Ars Technica reports.
- The latest Shadow Brokers release last week also included presentations and files pertaining to collecting data from SWIFT, a financial messaging service that was compromised in the 2016 Bangladesh Bank cyber heist.
Dive Insight:
Last summer, the Shadow Brokers claimed to have stolen hacking tools belonging to the National Security Agency and was planning to auction the tools online. The incident caused several tech companies, including Cisco and Fortinet, to issue emergency patches for previously unknown vulnerabilities in several of their products.
Software vulnerabilities have the potential to affect customers long after the are discovered if patches aren’t installed or customers continue to use older versions of products. If a security concern remains unpatched, a vulnerability can persist inside a network, posing long-term risks.
Microsoft Security Response Center recommends people use the latest versions of their software and ensure all updates and patches are installed.