Back to Articles

Microsoft Plagued by Recent Rash of Zero Days

4/17/2017

Collection of zero days was capable of subverting fully-patched systems.

The collection of zero days recently released by the Shadow Brokers contained numerous tools specifically designed to gain control of Microsoft systems.  Many of the zero days affected fully patched systems, though were more successful against older operating systems.  Recent patches by Microsoft in March covered several of the security holes opened by the Shadow Broker set of zero days, but one particular vulnerability, seemingly unrelated to those released by the malicious entity, allowed a remote callback just by opening a malicious Microsoft Word document.  This vulnerability has since been patched, but raises questions about the timeliness of updating your systems, and the overallpracticality of a 'ship now, patch later' mentality.

For more information and discussion about the Shadow Broker Breach, try here.

For more information about the Microsoft Word vulnerability, try here.

NIATEC National Science Foundation Information Assurance Directorate Department of Homeland Security CISSE Scholarship For Service