NSA reported vulnerabilities to Microsoft for Shadowbrokers publication

Spread the love

The US military intelligence agency NSA was the party that warned Microsoft about the vulnerabilities for which the Shadowbrokers recently published several exploits. Based on that information, Microsoft was able to release a patch in March.

It is unclear when the service warned Microsoft. According to sources within the NSA, The Washington Post writes that “the organization eventually notified Microsoft of the vulnerabilities, which enabled it to develop patches.” The NSA used one of its tools, Eternalblue, for a period of five years. At the time, there was already a discussion within the organization whether the seriousness of the underlying SMB leak was serious enough to inform Microsoft, former NSA employees told the newspaper.

One of the employees, who all wish to remain anonymous, says the amount of intelligence that could be obtained with the tool was “unreal”; another employee says it was “just like fishing with dynamite.” Former NSA director Keith Alexander argued that the government should better protect its hacking tools. “Someone has robbed everything. The government should do better.” NSA Deputy Director Richard Ledgett said of reporting all vulnerabilities that this would amount to “unilateral disarmament” and that this idea is “nonsense.”

The paper’s report further reveals that the NSA has made improvements to the Eternalblue tool over time. Initially, the software often led to crashes of the target’s systems, giving rise to the name Eternalbluescreen. That is why permission from above had to be obtained in the beginning for the use of the tool. In addition, the US Defense and other government agencies are said to have updated their most vulnerable systems after Eternalblue was put into use.

Some security experts would argue that the internal process within the NSA, which considers whether a vulnerability should be reported, worked in this case. Others argue that the Shadowbrokers could have released the tools earlier, before the government could update its systems or without Microsoft developing a patch.

The Shadowbrokers released the Eternalblue tool in April. The tool is an exploit for a vulnerability in the implementation of the SMB protocol. After the publication, it turned out that Microsoft had already released a patch in March, but until now it was unclear who had reported the vulnerabilities to the company. Just under a week ago, unknowns distributed a ransomware variant called WannaCry, which used the Eternalblue tool. This affected a large number of systems worldwide. The Shadowbrokers recently announced a subscription service to further exploits.

You might also like