NSA Used Windows Bugs as Spy Tools
Microsoft says it's patched most of the recently revealed security flaws said to have been used by the National Security Agency (NSA) for spying. But the incident is a reminder not to rely on unsupported editions of Windows such as Windows XP and Vista. Windows Vista officially reached its end of extended support April 11, 2017.
A group calling itself "Shadow Brokers" is trying to auction what it says is a set of tools that the NSA were using for surveillance by taking advantage of security failings in widely used software. While that's a bold claim - particularly as it means the NSA had its own security lapses that allowed the tools to be stolen - independent sources suggest it is credible. However, the tools themselves may be several years old. (Source: zdnet.com)
One theory is that the tools were leaked from a team of cyber experts known as the "Equation Group" that's thought to work with the NSA, and may have helped develop Stuxnet, a virus that spread widely but was designed to specifically target Iran's nuclear operations.
Although Shadow Brokers are keeping the full set of tools to give to a winning bidder, they have produced enough detail about the tools to show what the relevant flaws may be. Microsoft says it's now completed an analysis of 12 of the specific threats.
Three Bugs Needed New Patches
Of these, six were known issues that were patched many years ago. Another three were patched in a security update last month. That may explain why the planned February update was delayed to the point that it was effectively merged with the March update. That highly unusual move could be because Microsoft wanted to be sure of fixing the problem and then getting it out as soon as possible.
With the remaining three issues, Microsoft said it wasn't able to replicate the flaws in any of the currently supported versions of Windows from 7 onwards. That may well mean the flaw affected earlier editions of Windows such as the no-longer supported XP and Vista. (Source: microsoft.com)
XP And Vista Users On Their Own
This marks an important step as Microsoft is at least giving the impression it didn't worry about whether or not these earlier editions were at risk. It's a firm reminder that Microsoft has passed the point where the hassle of continuing to support these editions long past the original cut-off date outweighs the risk to its reputation if people and businesses that continue using these outdated editions suffer hacking or other damage.
Microsoft also made a point of reissuing its backing of what it calls responsible disclosure, in which people who discover flaws should inform the software companies in question and not go public with the flaw until a fix has been developed. That could be a dig both at Shadow Brokers for revealing the flaws and also the NSA for using them as a surveillance method rather than informing Microsoft.
What's Your Opinion?
Is Microsoft right to not check or fix security flaws in older versions of Windows? Should businesses and people that continue using XP or Vista get any sympathy if they suffer security problems? Does the NSA's work outweigh any responsibility to tell software companies about bugs that could put the public at risk?
Infopackets Top Windows 10 FAQs
How to Upgrade from Windows 10 32-bit to 64-bit
How to Fix: Windows 10 Antivirus Missing, Not Compatible
How to Fix: Windows 10 Display Shifted; Screen Fuzzy
How to Upgrade Windows 7, 8 32-bit to Windows 10 64-bit
to Downgrade from Windows 10
- How to Fix: Windows 10 Upgrade Failed Error C1900208
- How to Fix: Windows 10 Upgrade Failed Error 80240020
- Can I Cancel my Windows 10 Reservation and Reserve Later?
- How to Clean Install Windows 10 using Windows 7, 8 License
- Will Windows 10 Install Automatically?
- Windows 10 Upgrade: Do I have to Reinstall Programs?
- Windows 10 Upgrade: Can I choose 32-bit or 64-bit?
- Which Version of Windows 10 Will I Get (Home or Pro)?
- How to Reserve Windows 10 Upgrade (Free)
- How to Fix: CPU Not Compatible with Windows 10 Error
- Windows 10 Upgrade: Can I keep my Old Windows Install?
- How to Cancel Windows 10 Reservation (Properly)
- Download Windows 10 .ISO (DVD) for Clean Install?
- Microsoft: Windows 10 Will Be The Last Version
- Does Windows 10 require the CPU to support PAE?
- Windows 10: Can I Upgrade or do I need a Clean Install?
Click here for more Windows 10 articles.