Microsoft had already fixed a number of Windows security vulnerabilities before they were recently revealed by the Shadow Brokers — a group that has released several leaks about the inner workings of the National Security Agency.
For consumers, that means you should not be at risk as long as you’ve downloaded the latest security updates. In a company blog post, Microsoft said it had addressed all of the vulnerabilities either on or before March 14. Desktop users who allow auto-updates or who regularly check for updates on their computers should be covered.
If you’re still sticking to older versions of Windows, however, you could run into a problem. Microsoft said the patches have been fixed for anyone running Windows 7 and beyond — meaning if you’re a Windows XP holdout, you are still vulnerable. That’s still about 7.4 percent of the world, according to analytics firm NetMarketShare. Those running versions of Exchange older than Exchange 2010 are also not protected.
“Customers still running prior versions of these products are encouraged to upgrade to a supported offering,” Microsoft said in its post.
The leaks shared information about “zero-day exploits,” or vulnerabilities that are exploited on the same day they are discovered. Security researchers initially feared that the release of information about these insecurities would lead to a spike in hacks while Microsoft scrambled to patch the problems after the disclosure.
But those worries were unfounded. Microsoft appears to have been notified about the problems ahead of the release — security experts suspect the company could have been informed by the Shadow Brokers or by the NSA itself, Ars Technica reported.