Microsoft Took Nine Months To Fix Reported Flaw

Ever since Bill Gates launched the Trustworthy Computing strategy at Microsoft, the software company has done a good job of addressing security issues in a timely manner. Regular patching, complemented by out-of-cycle releases when critical issues are detected and resolved, is now commonplace. So when news broke that it took Microsoft nine months to fix a serious flaw, it was something of a surprise to me.

The flaw, officially designated CVE-2017-0199, allows a remote hacker to invisibly take control of a system. It was used, after being reported to Microsoft, by hackers to spy on third parties and as part of a toolkit deployed to steal banking details. Users from across the world were affected.

Reuters has looked into the matter and spoken with a number of experts from security firms and Microsoft, piecing together the story of why this flaw took so long to resolve and how it was used by threat actors.


