Technology

Save
Print

What Windows users should know about latest bugs revealed by NSA leakers

Microsoft had already fixed a number of Windows security vulnerabilities before they were revealed last week by the Shadow Brokers – a group that has released several leaks about the inner workings of the National Security Agency.

For consumers, that means you should not be at risk as long as you've downloaded the latest security updates. In a company blog post, Microsoft said that it had addressed all of the vulnerabilities either on or before March 14. Desktop users who allow auto-updates or who regularly check for updates on their computers should be covered.

If you're still sticking to older versions of Windows, however, you could run into a problem. Microsoft said that the patches have been fixed for anyone running Windows 7 and beyond – meaning that if you're a Windows XP holdout, you are still vulnerable. That's still about 7.4 per cent of the world, according to analytics firm NetMarketShare. Those running versions of Exchange older than Exchange 2010 are also not protected.

"Customers still running prior versions of these products are encouraged to upgrade to a supported offering," Microsoft said in its post.

The leaks from last week shared information about "zero-day exploits", or vulnerabilities that are exploited on the same day they are discovered. Security researchers initially feared that the release of information about these insecurities would lead to a spike in hacks while Microsoft scrambled to patch the problems after the disclosure.

But those worries were unfounded. Microsoft appears to have been notified about the problems ahead of the release – security experts suspect the company could have been informed by the Shadow Brokers or by the NSA itself, Ars Technica reported.

"We've investigated and confirmed that the exploits disclosed by the Shadow Brokers have already been addressed by previous updates to our supported products," a Microsoft spokesperson said.

"Customers with up-to date software are already protected."

Washington Post, with Fairfax Media