SoylentNews
SoylentNews is people
https://soylentnews.org/

aristarchus writes:

[UPDATED 2017-04-17] Ars Technica reports that Mysterious Microsoft patch killed 0days released by NSA-leaking Shadow Brokers — Microsoft fixed critical vulnerabilities in uncredited update released in March.:

Contrary to what Ars and the rest of the world reported Friday, none of the published exploits stolen from the National Security Agency work against currently supported Microsoft products. This is according to a Microsoft blog post published late Friday night.

That's because the critical vulnerabilities for four exploits previously believed to be zerodays were patched in March, exactly one month before a group called Shadow Brokers published Friday's latest installment of weapons-grade attacks. Those updates—which Microsoft indexes as MS17-010, CVE-2017-0146, and CVE-2017-0147—make no mention of the person or group who reported the vulnerabilities to Microsoft. The lack of credit isn't unprecedented, but it's uncommon, and it's generating speculation that the reporters were tied to the NSA. In a vaguely worded statement issued Friday, Microsoft seemed to say it had had no contact with NSA officials concerning any of the exploits contained in Friday's leak.

Original story follows:

The "Shadow Brokers" released files that purport to expose vulnerabilities in Windows and especially in Windows Server.

Numerous Windows hacking tools are also among the new batch of files the Shadow Brokers dumped Friday. In recent months, the mysterious group has been releasing hacking tools allegedly taken from the NSA, and security researchers say they actually work.

According to PCWorld, but there are plenty of other venues reporting on this.

Leaked NSA Malware Threatens Windows Users Around the World from the Intercept.

Ars Technica

El Reg And why are they "el Reg" They are Brexit, not Spanish?

And Network World, with a very nice picture of the Puzzle Palace.

I have always wondered what it would take. Maybe if Microsoft forcibly dragged a user off of it's platform. After this, however, that may not be necessary.

Original Submission

1. "aristarchus" - https://soylentnews.org/~aristarchus/
2. "Mysterious Microsoft patch killed 0days released by NSA-leaking Shadow Brokers — Microsoft fixed critical vulnerabilities in uncredited update released in March." - https://arstechnica.com/security/2017/04/purported-shadow-brokers-0days-were-in-fact-killed-by-mysterious-patch/
3. "Ars and the rest of the world reported Friday" - https://arstechnica.com/security/2017/04/nsa-leaking-shadow-brokers-just-dumped-its-most-damaging-release-yet/
4. "blog post published late Friday night" - https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/
5. "MS17-010" - https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
6. "CVE-2017-0146" - https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0146
7. "CVE-2017-0147" - https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0147
8. "PCWorld" - http://www.pcworld.com/article/3190121/security/new-nsa-leak-may-expose-its-bank-spying-windows-exploits.html
9. "Leaked NSA Malware Threatens Windows Users Around the World" - https://theintercept.com/2017/04/14/leaked-nsa-malware-threatens-windows-users-around-the-world/
10. "Ars Technica" - https://arstechnica.com/security/2017/04/nsa-leaking-shadow-brokers-just-dumped-its-most-damaging-release-yet/
11. "El Reg" - https://www.theregister.co.uk/2017/04/14/latest_shadow_brokers_data_dump/
12. " Network World" - http://www.networkworld.com/article/3189959/security/leaked-nsa-exploits-plant-a-bulls-eye-on-windows-server.html
13. "Original Submission" - https://soylentnews.org/submit.pl?op=viewsub&subid=19668

printed from SoylentNews, Windows Servers at Risk [UPDATED] on 2024-04-19 20:49:07