Friday’s leak caused concern in the security community. The spying tools include about 20 exploits designed to hack into old versions of Windows, such as Windows XP and Windows Server 2008.
However, Microsoft said several patches—one of which was made only last month—address the vulnerabilities.[ Further reading: How the new age of antivirus software will protect your PC ]
“Our engineers have investigated the disclosed exploits, and most of the exploits are already patched,” the company said in a blog post late on Friday.
Three of the exploits found in the leak have not been patched but do not work on platforms that Microsoft currently supports, such as Window 7 or later and Exchange 2010 or later.
“Customers still running prior versions of these products are encouraged to upgrade to a supported offering,” the company said.
Matthew Hickey, director of security firm Hacker House, has looked over the leaks and agrees with Microsoft’s assessment.
He advises that businesses, which often delay patches for operational purposes, move quickly to install the Microsoft fixes to mission critical servers. Hickey demonstrated in a video that one of the exploits in the leak can easily trigger remote code execution in a machine running Windows Server 2008 R2 SP1.
The patch, MS17-010, addresses the exploit. Microsoft issued the fix last month, but it’s unclear how the company learned of the security issue.
“Microsoft doesn’t credit anyone for the report behind the March patch,” tweeted former NSA contractor Edward Snowden. He wonders whether the NSA tipped off Microsoft.
Friday’s high-profile leak was the latest disclosure from a mysterious group known as the Shadow Brokers. The group has been posting files suspected to originate from the NSA since last August.
Security experts say Friday’s disclosure is probably another blow to the U.S. spy agency. The Shadow Brokers have also warned they have more files to release.