Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Says Previous Windows Patches Fixed Newly Leaked NSA Exploits (pcworld.com)

Posted by msmash on from the things-under-control dept.

Microsoft said it has already patched vulnerabilities revealed in last week's high-profile leak of suspected U.S. National Security Agency spying tools, meaning customers should be protected if they've kept their software up-to-date. From a report: Friday's leak caused concern in the security community. The spying tools include about 20 exploits designed to hack into old versions of Windows, such as Windows XP and Windows Server 2008. However, Microsoft said several patches -- one of which was made only last month -- address the vulnerabilities. "Our engineers have investigated the disclosed exploits, and most of the exploits are already patched," the company said in a blog post late on Friday. Three of the exploits found in the leak have not been patched but do not work on platforms that Microsoft currently supports, such as Window 7 or later and Exchange 2010 or later.

14 of 48 comments (clear)

  1. move along by zlives · · Score: 3, Insightful

    you are completely secure citizen. not that you had anything to hide... right?

  2. Meh... by Anonymous Coward · · Score: 2, Insightful

    I'd rather they fix the god damn default apps reseting themselves randomly for no good reason instead. Since the day Windows 10 came out it's been an issue. No I don't want Edge to be my default PDF reader, now stop reseting my shit!

  3. It's the timing that is suspect. by Anonymous Coward · · Score: 1

    They patched them in the months before they were released, which implies one of two things : Wikileaks contacted them ahead of the release, or the NSA contacted them ahead of the release.

  4. Controlled Opposition Confirmed? by NicknameUnavailable · · Score: 1

    Microsoft has never been known for security prowess, it stands to reason the Wikileaks dump was controlled and Microsoft had foreknowledge of what was being dumped.

  5. Most of them are old fixes. Windows 2003 by raymorris · · Score: 1

    ONE of the fixes was fairly recent. Most are old fixes for old exploits.

    Our company actually has more recent code than the NSA has in this dump.

    From our analysis so far, we're most concerned about Windows 2003.

  6. Get off my turf, punk! by jenningsthecat · · Score: 1

    "We're the only ones allowed to pwn our customers", says Microsoft to the NSA.

    --
    'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
    1. Re:Get off my turf, punk! by rtb61 · · Score: 1

      You left out the 'for free' bit, all of them play when the CIA/NSA/FBI pay (not to forget FSB or MSS). They only scream, Google, M$, Facebook et al, when they are forced to do it for free. They are quite content to do anything to you they can as long as they are paid. Come on people, they roll over for the government of China, they roll over the pretend enemy Russia and fucking hell they even roll over for Saudi Arabia the terrorist state, just as long as they are paid and paid millions of dollars to fuck you over.

      --
      Chaos - everything, everywhere, everywhen
  7. The *real* question... by gweilo8888 · · Score: 2

    ...isn't whether they fixed the exploits or not. The real question is how many more exploits were added at the NSA's behest alongside these new patches.

    1. Re:The *real* question... by drinkypoo · · Score: 1

      They don't need any new exploits, the whole damned OS is an exploitation framework. They send updates downstream, you will take them in bundles and you will like it peon, and then they collect telemetry upstream. 3, profit!!!

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  8. Re:Found the LUDDITE! by zlives · · Score: 1

    god is a Luddite concept, we worship at the altar of AI which is a large touch screen with Apps that can ape apps with their deep learning neural networks... or something like that

  9. Very bad title by manu0601 · · Score: 1

    The summary actually contradicts the title.

    Three of the exploits found in the leak have not been patched but do not work on platforms that Microsoft currently supports, such as Window 7 or later and Exchange 2010 or later.

    Many people still run XP and are at risk because of three unpatched flaws.

  10. Auditing tools? by l0n3s0m3phr34k · · Score: 1

    Anyone know if there are any available auditing tools for these, specifically? I've got a meeting with my upper managment and cross-country team and would love to show them this specifically as to why they need to drop 2008 ASAP.

  11. Re:Hate to put this in text, but Win10 is decent. by ArchieBunker · · Score: 1

    You sound like a poorly written chat bot. I still don't know what the hell you are babbling about.

    --
    Only the State obtains its revenue by coercion. - Murray Rothbard
  12. Re:Hate to put this in text, but Win10 is decent. by Trax3001BBS · · Score: 1

    I've avoided Windows, but gaming won out.

    My Win10 install is very minimal 7 directories, all of my malware sites have been shutdown so I used the EICAR test file.
    I was still in the glow of that test it was entertaining tossing that file out and seeing if Defender picked up on it and it was found fairly quickly.
    Problem here is all malware programs are written to catch the EICAR test file.

    The glow is gone and my Linux Mint not booting after this large Windows update (No boot menu). Things are still the same I've found - let Windows install the file/driver and it's broke being one.