Feeds

back to article Microsoft sees spike in attacks targeting 0day Windows bug

The number of malicious attacks exploiting an unpatched vulnerability in older versions of Windows has mushroomed over the past week, prompting Microsoft to warn customers to deploy countermeasures until an update is released. Microsoft said on Wednesday that its security team has detected more than 10,000 distinct computers …

COMMENTS

This topic is closed for new posts.
Linux

They forgot one countermeasure

The one where you wipe windows for ever and replace it with something better.

3
1

Title!

Amen to that.

The only reason I read articles about windows exploits is to first keep up with the IT world for work, and second to have a good laugh after morning coffee.

0
0
WTF?

Just to point out...

... that by definition, a 0day exploit can't really have been around longer than a day!

0
0
Silver badge

Just a reminder

A 0-day exploit is an exploit that has just been discovered and, as a direct consequence, has not yet received a correction or workaround.

Sure, it is best to exploit it on the first day of discovery, but until a patch is out, it is still a valid exploit.

And, with Microsoft, it can be a valid exploit for years.

0
0
Boffin

A moderate approach

Immediate full disclosure can cause problems, as in this case. But companies often need a bit of prodding before they take action. Neither extreme of disclosure is always appropriate. I think the best approach is to initially only notify the software developer, and give them a reasonable amount of time to respond.

If they don't, publicize that the vulnerability exists, but not all the details of how to exploit it. If this still doesn't trigger any action, disclose the full details.

Hopefully, the developer will address the issue promptly. Once a fix has been released, then disclose everything. This will pose a negligible risk to anyone who keeps their systems up-to-date, and still satisfy the principle of openness.

0
0
FAIL

How proud he must be

Is it time for the class action suit yet?

0
0
Anonymous Coward

Against who?

Microsoft or Google?

The latter can always reuse the "rogue engineer" story

0
0
Bronze badge

yah i noticed

Most of them try to be spamming forums !!!

0
0
Anonymous Coward

The problem...

is that its all well and good Microsoft saying that they've published an advisory about this and given details of how to work round it (hacking the registry is one of the ways) but the average user who is going to get caught out by this is going to be a home PC user and how many of those do you know who read the security bulletins.

0
0
This topic is closed for new posts.