- How to stream Colts vs. Texans on Thursday Night Football 3 Years Ago
- Netflix drops ‘A Christmas Prince: The Royal Baby’ trailer 3 Years Ago
- Uber says it will audio-record rides to address safety concerns 3 Years Ago
- ‘Avengers: Endgame’ writers go in-depth on how they decided which superheroes lived and died 3 Years Ago
- How to watch Duke vs. Cal in the 2K Empire classic 3 Years Ago
- Trump’s impeachment notes get riffed into punk songs Today 12:01 PM
- Pete Buttigieg can’t do the Pete Buttigieg dance Today 11:55 AM
- How a woman’s cold ‘rejection form’ text message became an ’emotional labor’ meme Today 11:52 AM
- How to watch Texas vs. Georgetown in the 2K Empire classic Today 11:40 AM
- Apple cancels premiere of original film ‘The Banker’ amid sexual abuse allegations Today 11:25 AM
- Congress passes bill to safeguard Hong Kong, protesters Today 11:15 AM
- Conquer Black Friday and Cyber Monday, whether you’re shopping online or IRL Today 10:40 AM
- #DeadUploadDay: YouTubers fight new rules for monetizing kids videos Today 10:39 AM
- ‘Crazy Rich Asians’ director responds to Brenda Song controversy Today 10:36 AM
- Google announces new limits for political advertising Today 9:18 AM
The well-known hacking group (or individual) called “Shadow Brokers,” just leaked a number of Windows vulnerabilities allegedly designed to go after old Microsoft computers. The release of these exploits, which the group claims were taken from the National Security Agency (NSA), begs the question: Did the NSA tell Microsoft about what could be targeted after the agency’s own hacking tools were stolen?
As Marcy Wheeler of emptywheel points out, the NSA had at least 96 days to warn Microsoft about the extent of the leaks. The software giant was evidently not able to defend itself in time for the latest dumps, as many hackers have already gotten the files to work. This points to a zero-day attack, or one that goes after a flaw in software that vendors are completely unaware of—or in this case, never warned of.
Researchers are sifting through the heaps of leaked files determining their legitimacy and capabilities. Kevin Beaumont, who has been working tirelessly to fill in the blanks, says he thinks many of the vulnerabilities, including those that affect Windows XP, 2003, Vista, 7, and 8, are zero-day. He even told Motherboard, “All of the Windows implants are new to VirusTotal [an online file scanning tool], which suggests they’ve not been seen before.”
The concerns surrounding the transparency of the NSA and its duty to warn a company of an impending attack puts the Vulnerabilities Equities Process (VEP) into question. The VEP is a procedure that gets triggered when the government needs to decide whether it should disclose information about a software vulnerability, or if it hides that critical information.
There is still no definitive evidence showing the government did or did not tell Microsoft of the swaths of exploits Shadow Brokers allegedly stole from it. You’d hope the government would attempt to protect the company and its hundreds of millions of users once it became aware that its own hacking files ended up in the wrong hands.
A Microsoft spokesperson told Motherboard the company is “reviewing the report and will take the necessary actions to protect our customers.”
We have reached out to the NSA and will update this article if we hear back.
While you wait, anyone running a Windows PC on old software should seriously consider updating to Windows 10.
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.