According to the British "Daily Mail" reported on April 27th, Microsoft finally fixes word security vulnerabilities. The Word risk vulnerabilities allow hackers can take advantage of the insertion of malicious software on the word links in the document, and no sound to monitor and control the user's computer.
Although 9 months later, Microsoft finally fixes the vulnerability in April 11th, but the network security experts still believe that for a technology giant company is not satisfactory. In the same industry, Google security researchers in the release of its findings before the defect, giving the supplier 90 days warning. However, Microsoft did not respond to the issue of the timing of the general vulnerability to respond.
Last July, a graduate of Idaho State University graduate as a consultant in the United States Optiv company Ryan Hanson Word found a defect in another format, through this loophole, he can easily insert a computer can control others malware links. At the same time, he said on twitter that he spent months in combination with other vulnerabilities, which greatly increased the threat. So he reported the vulnerability to Microsoft in October, usually the user will receive thousands of dollars as a reward.
The user when setting up Word to quickly change the options can make holes in force, but if Microsoft push inform users about the error and the solution is tantamount to hackers opened convenient ways. Microsoft could have chosen to add a fix for the vulnerability in monthly software updates, but it's not just not doing it right away but getting deeper. Microsoft does not seem to realize that any user can use the Hanson approach, but want to find a more comprehensive solution.
The incident also revealed that the current and sharp growth in the interests of Microsoft and the entire software industry as a result of the security issues do not seem to be proportional to.