Last week, a group calling themselves the ShadowBrokers leaked malware that was used by the NSA to target computers running Windows. It was a striking data dump that potentially put millions of Windows users at risk. Luckily, Microsoft says they’ve already patched the vulnerabilities.
The Intercept confirmed the authenticity of the malware released by the ShadowBrokers; this is the second release of such software designed to break into Windows systems and in some cases, take control of the systems. At first the cache was thought to contain “zero-day” exploits—meaning that the vulnerabilities were previously unknown. But Microsoft released a statement saying they had analyzed the malware and that most of the vulnerabilities had already been patched—years ago in some cases, and most recently as March.
There are a few takeaways from all this. Of course, it’s still surprising to be reminded of the NSA’s capabilities, and it’s surprising that Microsoft patched some of the vulnerabilities just weeks before this leak. But for the average person running Windows, the main lesson here is that you should keep your software up to date. People complain that Windows is constantly pestering you to update but it’s for good reason. Those updates patch vulnerabilities and bugs to protect your system, and the minor inconvenience of having to restart your computer is worth the sixty seconds it will take.
Just install the dang updates.
This is also why you shouldn’t use software that is no longer supported, like Windows Vista. When Microsoft says they no longer “support” something, that means they won’t be issuing any more updates to that software. That leaves you in the lurch if any new security holes are discovered.
So keep yourself protected, don’t use completely outdated software, and let Windows update itself.