Skip to main content

Microsoft won’t say if its products were exploited by spyware zero-days

posted onOctober 4, 2023
by l33tdawg
Tech Crunch
Credit: Tech Crunch

Microsoft has released patches to fix zero-day vulnerabilities in two popular open-source libraries that affect several Microsoft products, including Skype, Teams, and its Edge browser. But Microsoft won’t say if those zero-days were exploited to target its products, or if the company knows either way.

The two vulnerabilities — known as zero-days since developers had no advance notice to fix the bugs — were discovered last month, and both bugs have been actively exploited to target individuals with spyware, according to researchers at Google and Citizen Lab.

The bugs were discovered in two common open-source libraries, webp and libvpx, which are widely integrated into browsers, apps and phones to process images and videos. The ubiquity of these libraries coupled with a warning from security researchers that the bugs were abused to plant spyware prompted a rush by tech companies, phone makers, and app developers to update the vulnerable libraries in their products.

Source

Tags

Microsoft Industry News

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th