Skip to main content
close search
site logo
Dive Brief

Microsoft took 6 months to patch flaw, but hackers took just days to monetize it

Published April 28, 2017
By
Contributing Editor
Flickr user Nguyen Hung Vu

Dive Brief:

  • Microsoft took six months to fix a flaw known as CVE-2017-0199, reports ReutersMeanwhile, hackers used the flaw to launch attacks against online bank accounts in Australia and conduct other nefarious activities, according to Reuters interviews with cybersecurity research firms.

  • The flaw in Microsoft Word was first discovered by a consultant at a security firm last July and reported to Microsoft last October. While Microsoft investigated, hackers located the flaw and began exploiting it. 
    Early attacks stayed below the radar, but in March, security researchers at FireEye Inc. noticed the distribution of financial hacking software using the bug, according to the report.

  • Microsoft planned to fix the bug on April 11 as part of its regular security update. But before it could, researchers at McAfee saw some attacks using the flaw on April 6 and blogged about it on April 7. The post contained enough detail that other hackers were able to copy the attacks. By April 9, a program exploiting the flaw was available in underground markets, according to the report. 

Dive Insight:

The incident demonstrates how much harder it is for a company to fix flaws than it is for cybercriminals to take advantage of them. Microsoft took a cautious approach in not making the flaw public while it investigated and developed a patch it was sure would fix the problem. In doing so, Microsoft also gave hackers a window to find and leverage the flaw.

As cybercriminals become faster and more savvy, companies face an uphill battle in finding and fixing security flaws in a timely manner.

Earlier this month, the hacker group known as Shadow Brokers released a large number of would-be zero day exploits targeting older Windows computers. But in that case, Microsoft quickly reassured customers that the majority of the exploits had already been patched. It’s unclear how Microsoft was alerted to those exploits or how long they knew about them prior to patching them.

It’s yet another reminder of the importance of regularly updating software to ensure the latest, most secure version is utilized.  

Recommended Reading

Filed Under: Security

Editors' picks

Company Announcements

View all | Post a press release
Newgen Software Receives Guidewire PartnerConnect Technology Excellence Award
From Newgen
January 02, 2025
Welo Data Launches Innovative Model Assessment Suite, Advancing Multilingual Causal Reasoning …
From Welocalize, Inc.
December 17, 2024

Want to share a company announcement with your peers?

Get started

Editors' picks
Latest in Security
Industry Dive is an Informa TechTarget business.
© 2025 TechTarget, Inc. or its subsidiaries. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell
This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world's technology buyers and sellers. All copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.'s registered office is 275 Grove St. Newton, MA 02466.