Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Microsoft Privacy Security

Microsoft Says Previous Windows Patches Fixed Newly Leaked NSA Exploits (pcworld.com) 48

Microsoft said it has already patched vulnerabilities revealed in last week's high-profile leak of suspected U.S. National Security Agency spying tools, meaning customers should be protected if they've kept their software up-to-date. From a report: Friday's leak caused concern in the security community. The spying tools include about 20 exploits designed to hack into old versions of Windows, such as Windows XP and Windows Server 2008. However, Microsoft said several patches -- one of which was made only last month -- address the vulnerabilities. "Our engineers have investigated the disclosed exploits, and most of the exploits are already patched," the company said in a blog post late on Friday. Three of the exploits found in the leak have not been patched but do not work on platforms that Microsoft currently supports, such as Window 7 or later and Exchange 2010 or later.
This discussion has been archived. No new comments can be posted.

Microsoft Says Previous Windows Patches Fixed Newly Leaked NSA Exploits

Comments Filter:
  • move along (Score:4, Insightful)

    by zlives ( 2009072 ) on Monday April 17, 2017 @03:44PM (#54251389)

    you are completely secure citizen. not that you had anything to hide... right?

  • Meh... (Score:2, Insightful)

    by Anonymous Coward

    I'd rather they fix the god damn default apps reseting themselves randomly for no good reason instead. Since the day Windows 10 came out it's been an issue. No I don't want Edge to be my default PDF reader, now stop reseting my shit!

  • by Anonymous Coward

    They patched them in the months before they were released, which implies one of two things : Wikileaks contacted them ahead of the release, or the NSA contacted them ahead of the release.

  • Microsoft has never been known for security prowess, it stands to reason the Wikileaks dump was controlled and Microsoft had foreknowledge of what was being dumped.
  • "We're the only ones allowed to pwn our customers", says Microsoft to the NSA.

    • by rtb61 ( 674572 )

      You left out the 'for free' bit, all of them play when the CIA/NSA/FBI pay (not to forget FSB or MSS). They only scream, Google, M$, Facebook et al, when they are forced to do it for free. They are quite content to do anything to you they can as long as they are paid. Come on people, they roll over for the government of China, they roll over the pretend enemy Russia and fucking hell they even roll over for Saudi Arabia the terrorist state, just as long as they are paid and paid millions of dollars to fuck y

  • by gweilo8888 ( 921799 ) on Monday April 17, 2017 @05:16PM (#54252245)
    ...isn't whether they fixed the exploits or not. The real question is how many more exploits were added at the NSA's behest alongside these new patches.
    • They don't need any new exploits, the whole damned OS is an exploitation framework. They send updates downstream, you will take them in bundles and you will like it peon, and then they collect telemetry upstream. 3, profit!!!

  • I'm OEM so no third party participation and Win10 is a tiny freaking OS. My Mom had a preference of shopping with out me and bringing home Acers. I missed my games and went Windows 10 Pro and so far 2 Linux Mint OS's, but it's early - Asus's EFI-BIOS will not update

    There are mistakes in the TOS (You read it if asked), one being who you get the updates from, MicroSoft and a tightly controlled thirds. If you use Autoruns https://technet.microsoft.com/... [microsoft.com] you will find a server running, while mayhaps a bad thi

    • You sound like a poorly written chat bot. I still don't know what the hell you are babbling about.

      • I've avoided Windows, but gaming won out.

        My Win10 install is very minimal 7 directories, all of my malware sites have been shutdown so I used the EICAR test file.
        I was still in the glow of that test it was entertaining tossing that file out and seeing if Defender picked up on it and it was found fairly quickly.
        Problem here is all malware programs are written to catch the EICAR test file.

        The glow is gone and my Linux Mint not booting after this large Windows update (No boot menu). Things are still the same I

  • The summary actually contradicts the title.

    Three of the exploits found in the leak have not been patched but do not work on platforms that Microsoft currently supports, such as Window 7 or later and Exchange 2010 or later.

    Many people still run XP and are at risk because of three unpatched flaws.

  • Anyone know if there are any available auditing tools for these, specifically? I've got a meeting with my upper managment and cross-country team and would love to show them this specifically as to why they need to drop 2008 ASAP.

Live free or die.

Working...