Microsoft says all of the security flaws exposed in Friday's leak of National Security Agency (NSA) hacking tools were already fixed in supported versions of its software.
The NSA penetrated a service bureau for SWIFT SWIFT is an global financial messaging service used for transferring money between banks, and it possesses data useful for tracking how money flows around the world.
Security researchers have taken to social media sites to speculate on the circumstances that led to Microsoft killing all four of would-be zerodays one month before they were published on the Internet. There are trillions of dollars per day that get transferred through SWIFT, with over 11,000 banks and securities organizations in over 200 countries using SWIFT.
Microsoft has confirmed that most of the NSA's hacking tools created to target Windows published earlier this week have been patched. That the researchers were running slightly outdated, un-patched versions of Microsoft's software only became apparent after the company made its late-night announcement. Cisco Systems Inc has previously acknowledged that its firewalls had been vulnerable.
The NSA and Cisco declined to reply to repeated requests for a comment on the matter, while Belgium-based SWIFT downplayed the risk of attacks through the code released by the hackers.
"We have no evidence to suggest that there has ever been any unauthorised access to our network or messaging services", it said in a statement on Friday.
The release included computer code that could be adapted by criminals to break into Swift servers and monitor messaging activity, said Shane Shook, a cybersecurity consultant who has helped banks investigate breaches of their Swift systems.
Hickey noted that the Windows leverages which were leaked on April 14 could be used by anyone who downloads them to target relevant data in Windows-based circumstances or conduct espionage.
The NSA's official seal appeared on one of the slides in the presentation, although Reuters could not independently determine the authenticity of the slides. ASA stands for Adaptive Security Appliance and is a combined firewall, antivirus, intrusion prevention and virtual private network, or VPN. Microsoft has said it has already patched the vulnerabilities discovered in this latest hack.
"Of the three remaining exploits, "EnglishmanDentist", "EsteemAudit", and "ExplodingCan", none reproduces on supported platforms, which means that customers running Windows 7 and more recent versions of Windows or Exchange 2010 and newer versions of Exchange are not at risk". Microsoft said it detailed the flaws on Friday as part of its coordinated vulnerability disclosure program.
Labeled as an Kerberos exploit targeting 2000, 2003, 2008 and 2008 R2 domain controllers, Microsoft said MS14-068 contains a patch for these attacks.
One theory among security practitioners is that the NSA itself reported the vulnerabilities to Microsoft, knowing that the tools would be dumped publicly.
Meanwhile, EastNets Service Bureau, that provides outsourced SWIFT connectivity, on Saturday denied that its bureau was compromised and said that the reports of hack are "totally false and unfounded".