Microsoft knew about a security hole in Word that threatened millions of computers, so why was it patched only six months later?

Microsoft's delay caused a lot of damage, especially for Word users. Let's examine the circumstances surrounding the handling of the vulnerability, CVE-2017-0199, to understand why we always find it difficult to protect our computers against hackers, including middle-sized hackers.

A security vulnerability in Word is not too dangerous but it is common. It appears in software from a company as big as Microsoft and allows hackers to take control of the victim's computer without leaving many traces. The April 11 update patched the vulnerability.

But before the hole was patched, a difficult journey took place. It took 9 months from discovery of the hole until it was patched. According to security experts, this is an unusually long period of time.

Combination of holes

Hanson spent months combining what he discovered with other flaws to make it even more dangerous. In October last year, he sent information about the vulnerability to Microsoft. Like other technology firms, Microsoft usually offers a modest fee to those who discover vulnerabilities in its software or services.

Soon, about 6 months ago, Microsoft admitted that it was possible to fix the problem. But things were not so simple. A quick change made by the customer to their Word installation could fix the problem, but if Microsoft told customers about the vulnerability and how to fix it, hackers would also learn how to exploit it.

Attacks began to appear

It is unclear how hackers found the hole Hanson had discovered earlier. Maybe they discovered the problem themselves, or information leaked while Microsoft was patching the hole, or Optiv or Microsoft may even have been hacked.

In January 1974, when Microsoft was looking for solutions, hackers began to exploit this vulnerability.

The first victims received emails that tricked them into clicking on Russian documents on military matters in Russia … Then their computers were infected with eavesdropping software from the Gamma Group, a company that specializes in selling spy software to government agencies.

Security experts say one of Gamma Group's customers attempted to exploit this vulnerability to gain access to the computers of soldiers or political figures in Ukraine or Russia.

On April 10th, a series of attacks took place around the world. A cyber criminal sent phishing emails, with attachments containing the Dridex bank-account hacking software, to millions of computers in Australia.

The initial attacks were conducted on a small scale, aimed at a small number of targets, so they went undetected. But in March, FireEye researchers discovered that financial hacking software called Latentbot, which was then being distributed, also took advantage of the Microsoft vulnerability.

FireEye investigated further and discovered the earlier attacks that used Russian material. FireEye immediately reported the problem to Microsoft. The software giant confirmed that it first received a warning of the attacks in March and planned to release the patch on April 11.

According to Marten Mickos, CEO of HackerOne, six months to patch a vulnerability is too long, but it is not an isolated case. Patching holes requires collaboration between researchers and software vendors.

The process of patching holes takes a lot of time and effort, but those who exploit the flaws act extremely quickly.

It is unclear how many people are affected by the vulnerability and how much money has been stolen by hackers.
