Microsoft Internal Vulnerability System Breached in 2013, Went Unreported
mlnews last edited by
One of the commonly stated dangers of closed source software is that bugs may not be made public and they might not get closed as there is little customer pressure to demand that non-public vulnerabilities be handled. In 2013, Microsoft's internal list of the vulnerabilities known to them was stolen in a hacking breach, but MS kept this information secret. Later, these known vulnerabilities were used in attacks on Windows machines, only in some cases had those vulnerabilities been closed. Meaning that Microsoft had known known security holes, known exposure and disclosure of those holes, and failed to alert customers or to close them before attacks happened.
Tim_G last edited by
coliver last edited by
Seems like par for the course...
Reid Cooper last edited by
Total fail, but not really a surprise.
dbeato last edited by
Nowadays they wouldn't get away on this. Maybe Troy Hunt will say something