It appears the National Security Agency, once again, is the victim of a data dump — one that leaves Windows users vulnerable.
A hacking group, known as the Shadow Brokers, published a list of spy tools over the Easter weekend that it says were developed and used by the NSA to hack computer systems running Windows. The list, which was announced in a bizarre blog post, included passwords and configuration data as well as networks.
Microsoft, in a blog post, said it has already fixed the majority of the software flaws that the leaked tools exploit. In fact, the exploits would only give hackers the ability to gain control of earlier Windows operating systems.
“Our engineers have investigated the disclosed exploits, and most of the exploits are already patched,” Microsoft principal security group manager Phillip Misner said. “Most of the exploits that were disclosed fall into vulnerabilities that are already patched in our supported products. Below is a list of exploits that are confirmed as already addressed by an update. We encourage customers to ensure their computers are up-to-date.”
Three exploits — EnglishmanDentist, EsteemAudit and ExplodingCan — will, however, impact any Windows users who are still running Windows XP and older versions.
“Customers running Windows 7 and more recent versions of Windows or Exchange 2010 and newer versions of Exchange are not at risk,” Misner added. “Customers still running prior versions of these products are encouraged to upgrade to a supported offering.”
According to Comae Technologies founder Matt Suiche, the Windows hacking tools were used to target the SWIFT money-transfer system used by service providers in both the Middle East and South America.
“If Shadow Brokers claims are indeed verified, it seems that the NSA sought to totally capture the backbone of international financial system to have a God’s eye into a SWIFT Service Bureau — and potentially the entire SWIFT network,” Suiche said in a blog post.
CNN Tech reported that SWIFT has yet to experience any unauthorized access on its networks.