Microsoft Fixed The Shadow Brokers' Bugs In Silent March Update

After a month-long delay of Windows 10 security patches raised suspicions back in February, Microsoft appears to have silently fixed some Windows vulnerabilities that the NSA and potentially “The Shadow Brokers” hacking group were exploiting. The company revealed this on Friday after The Shadow Brokers released an entire set of NSA exploits online.

Shadow Brokers And The NSA

Back in August 2016, the Shadow Brokers hacking group claimed to have all the exploit tools used by the “Equation Group,” which was previously linked to the NSA and thought to be the creators of sophisticated malware such as Stuxnet, Duqu, and Flame.

Since then, the group released some of the vulnerabilities, but it kept most of them to itself to make them available for auctions. In January of this year, the group announced another auction for Windows exploits. The exploits it released on Friday seem to match the ones the group tried to sell in January.

Some of the Windows vulnerabilities that were enabling the exploits seemed quite serious, such as remote code execution bugs. One tool called “FUZZBUNCH” seems to have allowed NSA’s Equation Group agents to more easily infect vulnerable Windows computers remotely by automating the malware deployment process.

Microsoft Reacts To Shadow Brokers’ Release

Later on Friday, Microsoft published a blog post in which it revealed that most of the vulnerabilities mentioned in The Shadow Brokers’ leak were fixed in a March 14 update.

This seems to have raised some questions about whether or not the NSA informed Microsoft about the exploits The Shadow Brokers were auctioning. Considering these were NSA’s exploit tools in the first place, that means the intelligence agency could have alerted Microsoft about the vulnerabilities last year, if it had wanted to do so.

Microsoft claimed that no individual or agency has been in contact about The Shadow Brokers’ exploit tools. This would normally mean either that Microsoft somehow found (or purchased) all the vulnerabilities The Shadow Brokers were auctioning off, or perhaps that someone anonymously alerted Microsoft about the bugs.

We may never know how exactly Microsoft found out about the vulnerabilities, but we do know that Microsoft’s February omission of security updates was highly out of the ordinary. However, the company has mostly kept quiet about that, too, also choosing to silently release the following March 14 updates without any explanation for why users were denied the February security patches.

The good news is that all the serious bugs owned by both the Shadow Brokers and the NSA’s top hacking group have been fixed. Therefore, even though the bugs were made public by the hacking group, they can’t be used against you anymore. One caveat here is that you have to have at least the March 14 Windows updates installed; otherwise you would be vulnerable.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • why_wolf
    What was more alarming was that several security researchers were going around claiming the exploits still worked against Windows, hence why Microsoft published the blog post. Turns out several researchers and tech blogs were doing their testing on systems that were not up to date with all patches. Which is kind of mind blowing because updating your system is the 1st step in securing your system against attacks. https://arstechnica.com/security/2017/04/purported-shadow-brokers-0days-were-in-fact-killed-by-mysterious-patch/
  • Jeff Fx
    It's a little weird reading about the "Shadow Brokers" as I play a Mass Effect game.
  • alextheblue
    19575720 said:
    What was more alarming was that several security researchers were going around claiming the exploits still worked against Windows, hence why Microsoft published the blog post. Turns out several researchers and tech blogs were doing their testing on systems that were not up to date with all patches. Which is kind of mind blowing because updating your system is the 1st step in securing your system against attacks. https://arstechnica.com/security/2017/04/purported-shadow-brokers-0days-were-in-fact-killed-by-mysterious-patch/
    Wouldn't be the first time a "security researcher" published false information about vulnerabilities. For every talented, thorough security researcher there's a few hacks.
  • LORD_ORION
    Remember, you should not be afraid to do business with US cloud based companies. ;)

    LOL
  • Dark Lord of Tech
    Sure they fixed them.