[UPDATED 2017-04-17] Ars Technica reports that Mysterious Microsoft patch killed 0days released by NSA-leaking Shadow Brokers — Microsoft fixed critical vulnerabilities in uncredited update released in March.:
Contrary to what Ars and the rest of the world reported Friday, none of the published exploits stolen from the National Security Agency work against currently supported Microsoft products. This is according to a Microsoft blog post published late Friday night.
That's because the critical vulnerabilities for four exploits previously believed to be zerodays were patched in March, exactly one month before a group called Shadow Brokers published Friday's latest installment of weapons-grade attacks. Those updates—which Microsoft indexes as MS17-010, CVE-2017-0146, and CVE-2017-0147—make no mention of the person or group who reported the vulnerabilities to Microsoft. The lack of credit isn't unprecedented, but it's uncommon, and it's generating speculation that the reporters were tied to the NSA. In a vaguely worded statement issued Friday, Microsoft seemed to say it had had no contact with NSA officials concerning any of the exploits contained in Friday's leak.
Original story follows:
The "Shadow Brokers" released files that purport to expose vulnerabilities in Windows and especially in Windows Server.
Numerous Windows hacking tools are also among the new batch of files the Shadow Brokers dumped Friday. In recent months, the mysterious group has been releasing hacking tools allegedly taken from the NSA, and security researchers say they actually work.
According to PCWorld, but there are plenty of other venues reporting on this.
The group behind the leak, the Shadow Brokers, didn't clearly explain why they dumped the files. But in addition to the documents, the hackers also released what appears to be an arsenal of Windows-based hacking tools -- some of which target previously unknown vulnerabilities.
"This isn't a data dump, this is a damn Microsoft apocalypse," tweeted a security researcher who goes by the name Hacker Fantastic.
Leaked NSA Malware Threatens Windows Users Around the World from the Intercept.
El Reg And why are they "el Reg" They are Brexit, not Spanish?
And Network World, with a very nice picture of the Puzzle Palace.
I have always wondered what it would take. Maybe if Microsoft forcibly dragged a user off of it's platform. After this, however, that may not be necessary.
NSA-created cyber tool spawns global ransomware attacks
Leaked alleged NSA hacking tools appear to be behind a massive cyberattack disrupting hospitals and companies across Europe, Asia and the U.S., with Russia among the hardest-hit countries.
The unique malware causing the attacks - which has spread to tens of thousands of companies in 99 countries, according to the cyber firm Avast - have forced some hospitals to stop admitting new patients with serious medical conditions and driven other companies to shut down their networks, leaving valuable files unavailable.
The source of the world-wide digital assault seems to be a version of an apparent NSA-created hacking tool that was dumped online in April by a group calling itself the Shadow Brokers. The tool, a type of ransomware, locks up a company's networks and holds files and data hostage until a fee is paid. Researchers said the malware is exploiting a Microsoft software flaw.
One or more anti-virus companies may have been hacked prior to WannaCrypt infecting 75000 Microsoft Windows computers in 99 countries. First, anti-virus software like Avast fails to make HTTP connections. Second, five million of ransomware emails are rapidly sent. Although many centralized email servers were able to stem the onslaught, many instances of anti-virus software had outdated virus definitions and were defenseless against the attack. Indeed, successful attacks were above 1%. Of these, more than 1% have already paid the ransom. Although various governments have rules (or laws) against paying ransom, it is possible that ransoms have been paid to regain access to some systems.
Also, file scrambling ransomware has similarities to REAMDE by Neal Stephenson. Although the book is extremely badly written, its scenarios (offline and online) seem to come true with forceful regularity.
Telefónica reportedly affected. NHS failed to patch computers which affected US hospitals in 2016. 16 divisions of the UK's NHS taken offline with aid of NSA Fuzzbunch exploit. The fun of a public blockchain is that ransom payments of £415,000 have been confirmed. Cancellation of heart surgery confirmed. Doctors unable to check allergies or prescribe medication. Patient access to emergency treatment denied in part due to hospital telephone exchange being offline.
It also appears that one of the affected parties refused to answer a Freedom of Information request in Nov 2016 about cyber-security due to impact on crime detection. Similar parties provided responses to the same request.