Slash Boxes

SoylentNews is people

Submission Preview

Link to Story

Fearing Shadow Brokers Leak, NSA Reported Critical Flaw to Microsoft

Accepted submission by Fnord666 at 2017-05-21 01:08:34

After learning that one of its most prized hacking tools was stolen by a mysterious group calling itself the Shadow Brokers, National Security Agency officials warned Microsoft of the critical Windows vulnerability the tool exploited, according to a report published Tuesday [] by The Washington Post. The private disclosure led to a patch that was issued in March.

Those same NSA officials, according to Tuesday's report, failed to communicate the severity of the vulnerability to the outside world. A month after Microsoft released the patch, the Shadow Brokers published the attack code, code-named EternalBlue, that exploited the critical Windows vulnerability []. A month after that, attackers used a modified version of EternalBlue to infect computers around the world with malware [] that blocked access to data. Within hours of the outbreak of the ransomware worm dubbed WCry, infected hospitals turned away patients; banks, telecommunications companies, and government agencies shut down computers.

"NSA identified a risk and communicated it to Microsoft, who put out an immediate patch," Mike McNerney, a former Pentagon cybersecurity official and a fellow at the Truman National Security Project, told The Washington Post. The problem, he said, is that no senior official took the step of shouting to the world: "This one is very serious, and we need to protect ourselves."

Source: ArsTechnica []

Original Submission