Either Microsoft is on their toes – or the stuff hackers steal from the NSA really is past its sell by-date

❝ Just as the Shadow Brokers hacker group started crowing about a dump of never-seen-before flaws in Windows, Microsoft announced it already had fixed most of the exploits.

“Today, Microsoft triaged a large release of exploits made publicly available by Shadow Brokers,” Microsoft Principal Security Group Manager Phillip Misner wrote in a Friday post.

“Our engineers have investigated the disclosed exploits, and most of the exploits are already patched,” he added.

Three of the dozen zero day vulnerabilities aired by the hackers, which they claimed were part of a large cache of data leaked from the U.S. National Security Agency, did not work at all on Windows 7 and above…

❝ As of the most recent patch cycle, no supported versions of Windows were vulnerable to the Shadow Brokers exploits, said Bobby Kuzma, a system engineer at Core Security.

“In other words,” he told TechNewsWorld, “for the love of God get XP, Vista and 2003 Server off of your networks.”

Har.

I know Microsoft users aren’t the most diligent of users of contemporary computing software and hardware. It was true through the 22 years I functioned within that milieu. I left over a decade ago and from what I read and hear – ain’t anything improved.

Basic security procedures still require regular backups and keeping your patches up-to-date. There’s more; but, too many folks don’t make it to the minimum.

Advertisements

One thought on “Either Microsoft is on their toes – or the stuff hackers steal from the NSA really is past its sell by-date

  1. Handy Andy says:

    “NSA backdoor detected on >55,000 Windows boxes can now be remotely removed : Microsoft dismisses DoublePulsar infection estimates, but otherwise remains silent.” https://arstechnica.com/security/2017/04/nsa-backdoor-detected-on-55000-windows-boxes-can-now-be-remotely-removed/ “As Ars reported 11 days ago, DoublePulsar is a weapons-grade implant released by the Shadow Brokers, a mysterious person or group that since August has leaked top-secret documents and software later confirmed to have been stolen from the NSA. In an unusual series of events that have not been explained, Microsoft patched the vulnerabilities DoublePulsar exploits exactly one month prior to its release. The implant provides a stealthy and reliable way for infected machines to communicate with an attacker-controlled command-and-control server.” Includes links

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s