Yesterday, the mysterious “Shadow Brokers” posted some hacking tools for Windows that were allegedly stolen from the NSA. All of them were at least a few years old, but exploited flaws in several versions of the operating system to move across networks and infect systems. early Saturday morning, Microsoft has responded with a blog post, saying it has evaluated all of the exploits listed. Its response to the release is surprisingly simple: most of them have already been fixed.
In a statement to Reuters yesterday, Microsoft said that “Other than reporters, no individual or organization has contacted us in relation to the materials released by Shadow Brokers,” but that may not be the entire truth. For three of the exploits, Microsoft says they don’t affect supported platforms (read: any operating system recent enough that it’s still receiving security updates. If you’re still using them then you need to upgrade). For the other seven, the company says all of them are addressed by updates and patches.
What’s particularly curious is that four of the exploits — EternalBlue, EternalChampion, EternalRomance and EternalSynergy — were fixed in an update just last month, on March 14th. Because “The Shadow Brokers” listed what tools they had in January, it seemed like the NSA had to know this release could happen. If someone tipped off Microsoft about the flaws, then it’s unclear who. Despite a long list of acknowledgments for security issues discovered and fixed in the March 2017 update, as @thegrugq points out, there’s no name listed for the MS17-010 patch that fixed these.