How to Respond to Recent Release of NSA Hacking Tools
If you were watching the news outlets on Friday, April 14th, you likely saw articles (like the CNN article here.) relating to the release of hacking tools used by the National Security Agency (NSA) by a hacking group named Shadow Brokers. They reference a set of vulnerabilities in Microsoft operating systems and applications.
There are a few baseline facts that we need keep in mind.
- None of the vulnerabilities are new
- Each vulnerability is already patched (see more information from Microsoft here) on operating systems newer than Windows 7 and applications like Exchange 2010
How do we recommend reacting to the news from Friday?
- Ensure your patching method is consistent and any issues are handled quickly
- The overall security of a network equals the security level of the least secure device or software
- Employ defense in depth – use multiple layers of security (network, devices, software…)
- Review the levels of software / operating systems on your network – know what you have.
If you have any questions relating to these articles, please contact BerganKDV. We can help you assess your vulnerabilities and make recommendations to minimize risks.