Opposite to almost all reports, Microsoft announced in a blog post that none of the published exploits stolen from the National Security Agency (NSA) work against the presently supported products. Friday’s leak began for all customers to become a concern in the security community. The NSA spying tools include about 20 exploits which are designed to hack into old the versions of Windows.
All the affected Microsoft Windows versions such as Windows XP and Windows Server 2008 just needs to be updated in order to fix the new exploits. According to PCWorld, Microsoft has already patched vulnerabilities for the spying tools. That means that concerned customers should be protected if and only if they’ve kept their software, as well as Windows version, up-to-date.
However, Microsoft also said that several patches, especially one of which was made only last March, discuss the vulnerabilities. "Our engineers have investigated the disclosed exploits, and most of the exploits are already patched,” said Microsoft in a blog posted last Friday. Three of the NSA exploits, which Microsoft indexes as MS17-010, CVE-2017-0146, and CVE-2017-0147, have not been patched but do not work on programs that Microsoft currently supports, according to Ars Technica.
In order to resolve NSA exploits, Microsoft encourages all customers that are still running prior versions of the affected products to upgrade their platforms to a supported offering. In fact, other researchers such as Kevin Beaumont and Matthew Hickey claimed that they made the same critical mistake. Hickey, director of the security firm Hacker House, has observed over the leaks and agrees with the assessment of Microsoft.
Hickey advises that all businesses that are running and using the old Microsoft Windows, which often the cause of the delayed patches for operational purposes, move quickly in order to install the Microsoft fix to mission critical servers. He also published a video in which one of the exploits in the leak can easily prompt remote code execution on a machine that runs Microsoft Windows Server 2008 R2 SP1.