Windows 10 0day exploit goes wild, and so do Microsoft marketers
February 6, 2017
Seid Yassin (557 articles)

Windows 10 0day exploit goes wild, and so do Microsoft marketers

There’s a zero-day exploit in the wild that exploits a key file-sharing protocol in most supported versions of Windows, including Windows 10, the latest and most secure version of the Microsoft operating system. The exploit is probably not worth worrying about, but you’d never know that based on the statement Microsoft officials issued on Thursday when asked what kind of threat the exploit poses:

“Windows is the only platform with a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible,” an unnamed spokesperson replied in an e-mail. “We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection.”

An employee at Microsoft’s outside PR firm, WE Communications, wouldn’t explain why the statement advised customers to use Windows 10 and Edge when the exploit works on all versions of Windows and doesn’t require that targets use a browser. Ars reminded the employee that an advisory issued hours earlier by the CERT Coordination Center at Carnegie Mellon University warned that the vulnerability might leave Windows users open to code-execution attacks.

Ars pressed the employee several more times for details that would allow Windows users to assess the risk they faced and learn of any potential workarounds. She declined. As is almost always the case with security-related questions from reporters, people inside Microsoft declined to be interviewed.

Source | arstechnica