Microsoft
U.S. cyber organizations and ordinary cybercriminals are having a hard time these days. Many vulnerabilities in various vendors' software have become known through the work of the hacker group Shadow Brokers, WikiLeaks and other organizations, including Symantec. As a result, IT companies are fixing their software, which makes it impossible for anyone to exploit a large number of these “holes”.
Microsoft Corp., as it recently turned out, has fixed all the zero-day vulnerabilities that the Shadow Brokers group disclosed. In August 2016, the group published its first batch of exploits. The group did not create any of what it released; the software belongs to another hacking group, Equation Group, which is known to be associated with the NSA.
Shadow Brokers decided to publish the set of exploits as a protest against the policies of Donald Trump, for whom members of the group had voted.
After examining the contents of the exploit archive, Microsoft employees began fixing the vulnerabilities it exposed. The other day the corporation announced that all the vulnerabilities mentioned by the hackers have been eliminated. This was done through updates that Microsoft identifies as MS17-010, CVE-2017-0146, and CVE-2017. In its statement, the corporation notes that no one was in contact with the NSA and that the agency's employees reported nothing to Microsoft about the problems in its software.
| Code name | Resolution |
|---|---|
| “EternalBlue” | Addressed by MS17-010 |
| “EmeraldThread” | Addressed by MS10-061 |
| “EternalChampion” | Addressed by CVE-2017-0146 & CVE-2017-0147 |
| “ErraticGopher” | Addressed prior to the release of Windows Vista |
| “EskimoRoll” | Addressed by MS14-068 |
| “EternalRomance” | Addressed by MS17-010 |
| “EducatedScholar” | Addressed by MS09-050 |
| “EternalSynergy” | Addressed by MS17-010 |
| “EclipsedWing” | Addressed by MS08-067 |
It became known the day before Microsoft's publication that none of the exploits disclosed by Shadow Brokers still works. This may mean that Windows users are relatively safe, at least those who update their OS regularly. In large organizations, where updates are installed centrally, all of these vulnerabilities may still be relevant. At the very least, this applies to EternalBlue, EternalChampion, EternalSynergy and EternalRomance.
What is more interesting, though, is how Microsoft could have learned of the impending publication of the exploits a month before the Shadow Brokers announcement. Perhaps the group itself contacted Microsoft, because, as mentioned above, the corporation denies any contact with the NSA.
If this assumption is correct, then Microsoft probably paid Shadow Brokers for the information without publicizing its actions.
Another possibility is that Microsoft discovered the problem areas in its software independently, without help from the NSA or the hacker group. This is quite possible, because other vulnerabilities announced by the group, relating to Windows XP, Windows Server 2003, Exchange 2007, and IIS 6.0, remained unfixed.
Interestingly, after the exploits were released, most network security experts announced that the tools worked against Microsoft products. A little later, cybersecurity experts acknowledged the mistake. But the fact that many of them had earlier claimed the vulnerabilities were exploitable indicates that they simply did not check whether this was really so: they had only consulted the Windows update log and seen no mention of a patch for the zero-day vulnerabilities.