Microsoft’s Quiet Patching of Shadow Brokers’ NSA Hacks Signals Policy Win

April 15, 2017, 6:41 PM UTC

On Friday the Shadow Brokers, a mysterious hacker or group of hackers, released the “Microsoft apocalypse” that wasn’t.

What originally appeared to be one of the most damaging releases in recent memory of “zero-day” exploits, or hacking tools that take advantage of previously unknown software vulnerabilities, fell from the sky with the shrieking ferocity of a MOAB bomb and landed with the soft thud of a dud. Unknown to members of the information security community all through the day, Microsoft (MSFT) had quietly patched the majority of the Windows flaws in a security update last month, preventing the NSA-crafted espionage tools from being abused by opportunistic attackers after their leak. The company only announced that fact late in the evening.

Prior to Microsoft’s hysteria-neutering blog post, security pros had been tearing apart the leaked cache of digital weapons, running the attack code on their test systems, and warning the world about the potential danger to anyone connected to the Internet with a Windows-based computer. That the researchers were running slightly outdated, unpatched versions of Microsoft’s software only became apparent after the company made its late-night announcement.

Get Data Sheet, Fortune’s technology newsletter, where this essay originated

That Microsoft seemed to miraculously fix the hitherto unknown bugs just a month prior to their exposure leads any sane onlooker to the conclusion that the U.S. government must have alerted the company to these problems earlier and on the sly, preempting fallout. (A customary acknowledgement for the researcher who reported the bugs was conspicuously absent from Microsoft’s post, hmm.) If so, this coordinated disclosure represents a major policy coup. Instead of sticking its head in the sand (as critics often accuse the intelligence community of doing), the spy set appears to have worked with the tech sector, taking proactive measures to defuse the situation before it could get out of hand.

This is the right approach; kudos to all involved. To stay protected, make sure your systems—Windows 7 or later—are up to date with the latest patches, dear readers. And a Happy Easter to those who celebrate.
