Brief: Hackers got chance to steal from millions as Microsoft took months to fix Word flaw

Photo credit: Cuneopost.

• Microsoft took six months to investigate and patch a flaw in the way Microsoft Word processes documents from another format. An ethical hacker exploited the flaw and alerted Microsoft last October. Instead of an immediate patch, the company took time to find a comprehensive solution.
• Hackers got wind of the bug in January and used it to spy on political figures and military personnel in Russia and Ukraine. This stayed under the radar, but in March a financial hacking software called Latenbot started exploiting the flaw.
• Then on April 6, McAfee noticed attacks using the Word flaw and blogged about it the next day without waiting for Microsoft to patch it first – contrary to usual practice. McAfee VP Vincent Weafer blamed “a glitch in our communications with our partner Microsoft” for the gaffe.
• Soon a program to exploit the flaw appeared in underground markets and criminal hackers used it to booby-trap documents with Dridex banking fraud software, targeting millions of online bank accounts in Australia and other countries. Finally, Microsoft patched the flaw on April 11, six months after hearing about it.

Source: Reuters

See: This startup secures data for NASA, Fujitsu, Deloitte

This post Brief: Hackers got chance to steal from millions as Microsoft took months to fix Word flaw appeared first on Tech in Asia.

from Tech in Asia https://www.techinasia.com/hackers-got-chance-to-steal-from-millions-as-microsoft-took-months-to-fix-word-flaw
via IFTTT