One of Microsoft's patches was issued as recently as last month / Getty

The company says it has already addressed 'most of the exploits' 

Windows users are being told to update their computers after a hacking group released a collection of exploits designed to help cybercriminals break into Microsoft’s software.

The tools, which were released by the Shadow Brokers group, had allegedly been stolen from the US’ National Security Agency (NSA) last summer.

It is believed that NSA spies had been using the exploits to secretly break into computers running older versions of Windows, including XP and Vista. 

Microsoft says “most of the exploits” have already been addressed with a series of patches – one of which was issued as recently as last month – but warned Windows users to make sure their devices are up to date.

“Most of the exploits that were disclosed fall into vulnerabilities that are already patched in our supported products,” the company wrote in a blog post. “We encourage customers to ensure their computers are up-to-date.”

Users running the latest versions of the Windows operating systems still supported by Microsoft will be safe from the EternalBlue, EmeraldThread, EternalChampion, ErraticGopher, EsikmoRoll, EternalRomance, EducatedScholar, EternalSynergy and EclipsedWing exploits.

“Of the three remaining exploits, ‘EnglishmanDentist’, ‘EsteemAudit’, and ‘ExplodingCan’, none reproduces on supported platforms, which means that customers running Windows 7 and more recent versions of Windows or Exchange 2010 and newer versions of Exchange are not at risk,” added Microsoft. 

“Customers still running prior versions of these products are encouraged to upgrade to a supported offering.”

Microsoft has hinted that the NSA didn’t warn it about the release, with a spokesperson telling Reuters, “Other than reporters, no individual or organization has contacted us in relation to the materials released by Shadow Brokers.”

However, Edward Snowden, who previously claimed that the NSA “did not warn Microsoft” about the Shadow Brokers release, has suggested that the organisation may have tipped off the tech firm ahead of its March patch, tweeting, “Microsoft doesn't credit anyone for the report behind the March patch. Was it @NSAGov? If so, it was the right call. Better late than never.”

Comments