- Microsoft took six months to investigate and patch a flaw in the way Microsoft Word processes documents from another format. An ethical hacker exploited the flaw and alerted Microsoft last October. Instead of an immediate patch, the company took time to find a comprehensive solution.
- Hackers got wind of the bug in January and used it to spy on political figures and military personnel in Russia and Ukraine. This stayed under the radar, but in March financial hacking software called Latentbot started exploiting the flaw.
- Then on April 6, McAfee noticed attacks using the Word flaw and blogged about it the next day without waiting for Microsoft to patch it first – contrary to usual practice. McAfee VP Vincent Weafer blamed “a glitch in our communications with our partner Microsoft” for the gaffe.
- Soon a program to exploit the flaw appeared in underground markets and criminal hackers used it to booby-trap documents with Dridex banking fraud software, targeting millions of online bank accounts in Australia and other countries. Finally, Microsoft patched the flaw on April 11, six months after hearing about it.
This post, "Brief: Hackers got chance to steal from millions as Microsoft took months to fix Word flaw", appeared first on Tech in Asia.