The Spokesman-Review Newspaper
Spokane, Washington  Est. May 19, 1883

What Windows users should know about the latest bugs revealed by NSA leakers

The French headquarters of Microsoft Corp. in Issy-les-Moulineaux, outside Paris, Saturday April 15, 2017. (Raphael Satter / Associated Press)
By Hayley Tsukayama, The Washington Post

Microsoft had already fixed a number of Windows security vulnerabilities before they were revealed last week by the Shadow Brokers – a group that has released several leaks about the inner workings of the National Security Agency.

For consumers, that means you should not be at risk as long as you’ve downloaded the latest security updates. In a company blog post, Microsoft said that it had addressed all of the vulnerabilities either on or before March 14. Desktop users who allow auto-updates or who regularly check for updates on their computers should be covered.

If you’re still sticking to older versions of Windows, however, you could run into a problem. Microsoft said that the vulnerabilities have been patched for anyone running Windows 7 and beyond – meaning that if you’re a Windows XP holdout, you are still vulnerable. That’s still about 7.4 percent of the world, according to analytics firm NetMarketShare. Those running versions of Exchange older than Exchange 2010 are also not protected.

“Customers still running prior versions of these products are encouraged to upgrade to a supported offering,” Microsoft said in its post.

The leaks from last week shared information about “zero-day exploits,” or vulnerabilities that are exploited on the same day they are discovered. Security researchers initially feared that the release of information about these vulnerabilities would lead to a spike in hacks while Microsoft scrambled to patch the problems after the disclosure.

But those worries were unfounded. Microsoft appears to have been notified about the problems ahead of the release – security experts suspect the company could have been informed by the Shadow Brokers or by the NSA itself, Ars Technica reported.

Microsoft did not immediately respond to a request for comment.