Yesterday, Microsoft announced MS14-021, addressing CVE-2014-1776 on many versions of Internet Explorer (IE) including Windows XP.
The patch was headline news even in business publications like the Chicago Tribune and drove a swift reversal in online sentiment.
Starting from zero-day, sentiment involving Microsoft and this vulnerability rapidly soured as reporting of the IE vulnerability gained traction. This timeline only visualizes reports published before the Microsoft patch announcement.
CLICK IMAGE FOR LARGER VIEW
After the patch announcement, we observed a swift and significant positive impact on sentiment. This timeline includes forward looking references published on Thursday, May 1, the day MS14-021 was announced.
CLICK IMAGE FOR LARGER VIEW
Also Noteworthy
Two detailed analyses of the exploit mechanism are published by HP Security Research and Sourcefire Vulnerability Research Team.
DHS CERT identifies spearphishing as the vector of the targeted attacks.
And, poor wording in our previous post suggested CVE-2014-1776 specifically increased risks to ATMsand other systems based on Windows XP, versus increased risks simply from XP end of support. But is targeting IE vulnerabilities in ATMs actually a valid risk, or just a paranoid fantasy? We enjoyed this tweet exchange.
'malware ' 카테고리의 다른 글
| The Bear is Back Part Deux: Natural Gas as a Geopolitical Tool (0) | 2014.05.07 |
|---|---|
| Putting Unrest in Ukraine’s West in Perspective (0) | 2014.05.03 |
| Hunting Hidden Lynx: How OSINT is Crucial for APT Analysis (0) | 2014.05.03 |
| The Vulnerability: Internet Explorer CVE-2014-1776 (0) | 2014.05.03 |
| Fiesta Exploits Kit Targeting High Alexa-Ranked Site (0) | 2014.04.09 |