There’s a zero-day exploit in the wild that exploits a key file-sharing protocol in most supported versions of Windows, including Windows 10, the latest and most secure version of the Microsoft operating system. The exploit is probably not worth worrying about, but you’d never know that based on the statement Microsoft officials issued on Thursday when asked what kind of threat the exploit poses:
“Windows is the only platform with a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible,” an unnamed spokesperson replied in an e-mail. “We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection.”
An employee at Microsoft’s outside PR firm, WE Communications, wouldn’t explain why the statement advised customers to use Windows 10 and Edge when the exploit works on all versions of Windows and doesn’t require that targets use a browser. Ars reminded the employee that an advisory issued hours earlier by the CERT Coordination Center at Carnegie Mellon University warned that the vulnerability might leave Windows users open to code-execution attacks.
Read 8 remaining paragraphs | Comments