Microsoft Word flaw took so long to fix that hackers used it to send fraud software to millions of computers – Telegraph.co.uk

A flaw in Microsoft Word took the tech giant so long to fix that hackers were able to use it to send fraud software to millions of computers, it has been revealed.

The security flaw, officially known as CVE-2017-0199, could allow a hacker to seize control of a personal computer with little trace, and was fixed on April 11 in Microsoft’s regular monthly security update – nine months after it was discovered.

A six-month delay is bad but not unheard of, said Marten Mickos, chief executive of HackerOne, which co-ordinates patching efforts between researchers and vendors.

“Normal fixing times are a matter of weeks,” Mickos said. Microsoft Corp declined to say how long it usually takes to patch a flaw.

While Microsoft investigated, hackers found the flaw and manipulated the software to spy on unknown Russian speakers, possibly in Ukraine, and a group of thieves used it to bolster their efforts to steal from millions of online bank accounts in Australia and other countries.
