Date: 2017-04-27
Hackers Exploited Word Flaw For Months While Microsoft Investigated (reuters.com)
An anonymous reader writes: To understand why it is so difficult to defend computers from even moderately capable hackers, consider the case of the security flaw officially known as CVE-2017-0199. The bug was unusually dangerous but of a common genre: it was in Microsoft software, could allow a hacker to seize control of a personal computer with little trace, and was fixed April 11 in Microsoft's regular monthly security update. But it had traveled a rocky, nine-month journey from discovery to resolution, which cyber security experts say is an unusually long time. Google's security researchers, for example, give vendors just 90 days' warning before publishing flaws they find. Microsoft declined to say how long it usually takes to patch a flaw. While Microsoft investigated, hackers found the flaw and manipulated the software to spy on unknown Russian speakers, possibly in Ukraine. And a group of thieves used it to bolster their efforts to steal from millions of online bank accounts in Australia and other countries.
*would of
Microsoft = Job Security*
* If you work for Microsoft, you're screwed. But for everyone else using Microsoft, you're golden.
Everyone who wants a new version of Windows must pay a full price, and get a new version that also has flaws.
Make the vendor responsible for losses in critical applications.
If MS had to cough up millions for every bank hack, you could be damn sure they would refine their code for such applications. Or, you know, go bankrupt. Either way, people win!
Microsoft software is not intended for use in critical applications; it says so in the license agreement.
If you're using it in such an environment you're in breach of the terms and so the liability comes back to you. Plus MS will sue you for pirating their software.
