Microsoft finally solves its bug problem, nine months after discovery

28 Apr 2017 | By Anish Chakraborty
Microsoft's long-due fix gives hackers a free rein

When a Windows bug without a fix is on the prowl, mayhem is inevitable.

CVE-2017-0199, a bug discovered in Microsoft Word, could allow any hacker to enter a computer, take control of it and exit without leaving any major trace.

What is surprising is the fact that even after being reported, it took Microsoft nine months to fix it.

The bug was discovered way back in July 2016

A weakness in the processing of files in other formats led university graduate Ryan Hanson to the bug.

He found that inserting a link to a malicious program in a Word document and sending it to someone would enable him to control that user's computer once they clicked the link.

He worked on it for 6 more months before informing Microsoft.

The first bug attack targeted Russian speakers

Eavesdropping software made by Gamma Group was installed on computers in Russia by this method, enabling the hackers to take control of the targeted computers.

This was done by emailing Word files carrying the bug, posing as documents related to Russian military issues and areas of eastern Ukraine held by Russia-backed rebels.

McAfee reveals the hack causing chaos

A set of attacks using the same bug was mentioned in a "quick but in-depth research" by McAfee while Microsoft was developing the fix.

McAfee had informed Microsoft but, instead of waiting for the fix, published the research and later said it was "a glitch in our communications with our partner Microsoft".

The blog post divulged details, giving others an opportunity to mimic the attacks.

Financial accounts were also put at risk

Following the hacks in Russia, financial accounts across the world were also under threat from the same bug, according to security researchers at FireEye Inc.

FireEye Inc found that hacking software named Latentbot, aimed at hacking financial accounts, was being distributed using the Microsoft bug.

Microsoft finally took notice and started working on fixing the problem.

Major attacks could have been avoided with timely intervention

Cyber security experts opined that 9 months is unusually long for Microsoft to solve a bug problem. The company, upon prodding, declined to reveal how long it usually takes to solve a security flaw.

The company, however, accepted that had the process not been so complicated, it could have solved the bug six months ago with a change in settings.

The actual reason behind the delay

Microsoft stated that informing users about the bug earlier would also have exposed the flaw to other hackers, who would have caused more damage than the damage at hand.

The tech giant wanted to dig deeper for a comprehensive solution rather than a quick fix.

Therefore, the idea of including a patch in monthly updates was also scrapped.