Microsoft says Vulnerability-related.DiscoverVulnerability it had already fixed Vulnerability-related.PatchVulnerability software flaws linked to an alleged breach of the global banking system before they were exposed last week . On Friday , a group called the Shadow Brokers published details of several hacking tools , indicating they had been used by the US National Security Agency ( NSA ) to spy on money transfers . Reports suggested Microsoft 's Windows operating system remained vulnerable . But the firm revealed it had in fact addressed Vulnerability-related.PatchVulnerability the problem in March . `` Customers have expressed concerns around the risk [ Shadow Brokers ' ] disclosure potentially creates , '' it said in a security update . `` Our engineers have investigated the disclosed exploits , and most of the exploits are already patched Vulnerability-related.PatchVulnerability . '' The company has not , however , revealed how it became aware of the flaws . Microsoft normally acknowledges third parties who tip it off to problems , but has not done so in this case . The Reuters news agency reported that the company had told it that neither the NSA nor any other part of the US government had informed it of the hacking tools ' existence . That calls into question how Microsoft learned of the issue - tech blog Ars Technica commented it was `` highly unlikely '' that the patch and leak would both have occurred so close together by coincidence . Whisteblower Edward Snowden had previously leaked Attack.Databreach documents in 2013 that alleged the NSA had carried surveillance of the Brussels-based Society for Worldwide Interbank Financial Telecommunication ( Swift ) for several years , but did not specify how . Swift allows the world 's banks to send payment orders and other messages about large financial transactions in a `` secure and reliable '' manner . It is used by about 11,000 financial institutions . The allegation is that third parties - known as Swift Service Bureaus - that provide access to Swift 's network were targeted by the NSA , rather than Swift itself . `` If Shadow Brokers ' claims are indeed verified , it seems that the NSA sought to totally capture the backbone of [ the ] international financial system to have a God 's eye [ view ] into a Swift Service Bureau - and potentially the entire Swift network , '' blogged security researcher Matt Suiche after the latest leak . `` If the US had a specific target in the region 's financial system , NSA penetration offers [ an alternative to ] merely relying upon good faith compliance procedures , standard diplomatic requests , or collaborating with Swift . ''

On Friday , a cache of hacking tools allegedly developed by the US National Security Agency was dumped online . The news was explosive in the digital security community because the tools contained methods to hack computers running Windows , meaning millions of machines could be at risk . Security experts who tested the tools , leaked by a group called the Shadow Brokers , found that they worked . They were panicked : This is really bad , in about an hour or so any attacker can download simple toolkit to hack into Microsoft based computers around the globe . — Hacker Fantastic ( @ hackerfantastic ) April 14 , 2017 But just hours later , Microsoft announced that many of the vulnerabilities were addressed Vulnerability-related.PatchVulnerability in a security update released Vulnerability-related.PatchVulnerability a month ago . “ Today , Microsoft triaged a large release of exploits made publicly available by Shadow Brokers , ” Philip Misner , a Microsoft executive in charge of security wrote in a blog post . “ Our engineers have investigated the disclosed exploits , and most of the exploits are already patched Vulnerability-related.PatchVulnerability . ” Misner ’ s post showed that three of nine vulnerabilities from the leak were fixed Vulnerability-related.PatchVulnerability in a March 14 security update . As Ars Technica pointed out , when security holes are discovered Vulnerability-related.DiscoverVulnerability , the individual or organization that found Vulnerability-related.DiscoverVulnerability them is usually credited in the notes explaining the update . No such acknowledgment was found in the March 14 update . Here ’ s a list of acknowledgments for 2017 , showing credit for finding security problems in almost every update . One theory among security practitioners is that the NSA itself reported Vulnerability-related.DiscoverVulnerability the vulnerabilities to Microsoft , knowing that the tools would be dumped publicly . Microsoft told ZDNet that it might not list individuals who discover Vulnerability-related.DiscoverVulnerability flaws for a number of reasons , including by request from the discoverer . The US government has not commented on this leak , though previous leaks by the Shadow Brokers claiming to be NSA hacking tools were confirmed at least in part by affected vendors and NSA whistleblower Edward Snowden .