This weekend was a busy one for security researchers. The hacking group Shadow Brokers released a series of exploits that attacked nearly all versions of windows released during the last 20 years including the desktop OS, Server, and other platforms.
Simply put, if you are using any desktop version of Windows, these exploits could potentially impact your environment. This type of information should not be taken lightly as these exploits are real and for those who are slow to patch your own PC or your environment, there is a plausible reason to believe you are leaving yourself open to attack.
After these exploits and tools made their way to the web, the hot takes from the leaks suggested that every version of Windows, including Windows 10, was vulnerable. Partially, this was Microsoft’s fault, as they had not acknowledged that these exploits had been fixed and those making these statements later acknowledged that the latest updates from the company protected the OS from these exploits.
Microsoft did finally acknowledge that these vulnerabilities have been patched in a blog post here but this post went up after the tools leaked and several weeks after the patches had already been shipped.
What this means is that if you are running a supported version of Windows, as long as you have the latest patches downloaded from Microsoft, your machine/environments are protected. But, not every company installs the latest patches as the company has released a few bad apples in the past that have done more damage than good thus resulting in IT Pros delaying the rollout of updates.
This is one of those situations where updating with this patch is critical as there is an easily exploited hole in Windows and tools that make the process of compromising a system rather trivial. If you haven’t installed last month’s updates, it’s time to act.
The outstanding question at this point is who tipped off Microsoft of these exploits that were magically patched before Shadow Broker released their wares? Microsoft isn’t saying, which is unprecedented, and many believe that it must have been the NSA as they knew the exact issues that these tools exploited and were able to give Microsoft the heads up once Shadow Broker was able to get their hands on the assets.
On one hand, Microsoft showed the value of its patching services and mechanisms by thwarting these exploits before they were released but on the other hand, if the company is working that closely with the NSA, this may not sit well with some individuals. There is a small circle of users who believe that Microsoft is secretly handing over sensitive information obtained from telemetry data or other sources in Windows to monitor anyone who uses the company’s OS; if Microsoft was found to have been given information behind closed doors about this exploit from the NSA, it would likely add fuel to this theory.
Considering that Microsoft will not say how they were tipped to this information, many believe that it is the NSA who turned over the information once the tools were obtained by Shadow Brokers.
If anyone is still running an unsupported version of Windows like XP or Server 2003, the exploits released by Shadow Brokers can compromise these platforms with little effort; you should move off of these operating systems as soon as possible. This may seem like an obvious statement but both of these products are still being used today.
For now, make sure your machine is updated with the latest patches and you will have little to worry about but this latest round of exploits reminds us that modern software is complex, security is difficult, and being vigilant in patching does have its rewards.