IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Shadow Brokers: Microsoft Windows flaws were already patched

NSA allegedly had the ability to breach bank messaging system

NSA data

US spy agency the NSA allegedly had the tools to hack into interbank messaging system SWIFT via third party providers, according to documents released by hacking group Shadow Brokers last Friday.

SWIFT has since said there is no evidence suggesting its core messaging services or network have been compromised after Reuters reported that the Shadow Group documents indicated that the NSA had accessed SWIFT through service providers (service bureaux) that offer access to the system in the Middle East and Latin America.

In a media FAQ, the organisation said: "SWIFT is in close contact with the service bureaux concerned to verify that they are aware of the allegations and have appropriate preventative measures in place." The Belgium-based organisation allows over 200 organisations to send messages about financial transactions to each other and sends payment orders between institutions' accounts.

The tools were linked to vulnerabilities discovered in versions of Microsoft's Windows operating system. Cybersecurity expert Matt Suiche, of Comae Technologies, detailed in a blog post that "Windows Vista/2008 is out of support since Monday [12 April], and Windows XP/2003 has been unsupported for more than [three] years. This means that security vulnerabilities found on those systems will never be corrected."

However, Microsoft said in a security update that all but three of the published exploits had already been patched. Those three, 'EnglishmanDentist', 'EsteemAudit', and 'ExplodingCan', don't work on Windows operating systems that are still in support. But Microsoft has not announced how it learned of the vulnerabilities, though it usually gives credit to those who find bugs.

SWIFT said: "The allegations suggest there may have been attempts to gain unauthorised access to data at two service bureaux. The exploits do not target SWIFT's infrastructure or data. There is no impact on SWIFT's infrastructure or data, and there is no evidence to suggest that there has been any unauthorised access to SWIFT's network or messaging services.

"Customers should pay close attention their own security and take security into consideration when selecting a service bureau and working with other third party providers."

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Recommended

Microsoft blocking Tutanota users from Teams registration, claims fix unfeasible
Business operations

Microsoft blocking Tutanota users from Teams registration, claims fix unfeasible

8 Aug 2022
Microsoft wins five-year digital transformation deal with Australia’s largest telco
digital transformation

Microsoft wins five-year digital transformation deal with Australia’s largest telco

26 Jul 2022
Slack Connect vs Microsoft Teams Connect: Better than email?
collaboration

Slack Connect vs Microsoft Teams Connect: Better than email?

20 Jul 2022
Microsoft announces simulator for autonomous aircraft development
Cloud

Microsoft announces simulator for autonomous aircraft development

20 Jul 2022

Most Popular

Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
Microsoft successfully tests emission-free hydrogen fuel cell system for data centres
data centres

Microsoft successfully tests emission-free hydrogen fuel cell system for data centres

29 Jul 2022