Microsoft responds to Wikileaks Vault 7 allegations

Microsoft’s Windows OS has been implicated in a recent Wikileaks data dump which is alleged to include the CIA’s collection of hacking tools for a wide variety of platforms, which besides Windows includes iOS, Android, Linux, macOS and even Samsung smart TVs.

Reportedly the CIA runs a very substantial effort to infect and control Microsoft Windows users with its malware. This includes multiple local and remote weaponized “zero days”, air gap jumping viruses such as “Hammer Drill” which infects software distributed on CD/DVDs, infectors for removable media such as USBs, systems to hide data in images or in covert disk areas ( “Brutal Kangaroo”) and to keep its malware infestations going.

Some claimed that the CIA had also compromised windows update, and could therefore take over Windows PCs on demand, with Kim Dotcom saying the “CIA turned every Microsoft Windows PC in the world into spyware. Can activate backdoors on demand, including via Windows update.”

The documents mainly reveal however that the CIA and other spy agencies have been working to develop their own exploits or purchased them on the black market, and appear to confirm that Microsoft was not cooperating directly with the 3 letter agencies.

In a comment to the BBC Microsoft said “We are aware of the report and are looking into it.”

Presumably the more secure Microsoft makes windows and the quicker they fix the holes uncovered by the report the more our privacy is secured. On the other hand we know that right now there are two unpatched zero-day vulnerabilities on Windows, suggesting perfect privacy will remain an illusion for some time still.