본문 바로가기

malware

Evidence: Emergency Patching Sways Community Sentiment

728x90

Yesterday, Microsoft announced MS14-021, addressing CVE-2014-1776 on many versions of Internet Explorer (IE) including Windows XP.

The patch was headline news even in business publications like the Chicago Tribune and drove a swift reversal in online sentiment.

Starting from zero-day, sentiment involving Microsoft and this vulnerability rapidly soured as reporting of the IE vulnerability gained traction. This timeline only visualizes reports published before the Microsoft patch announcement.

From Zero-Day to Patch Announcement Sentiment

CLICK IMAGE FOR LARGER VIEW

After the patch announcement, we observed a swift and significant positive impact on sentiment. This timeline includes forward looking references published on Thursday, May 1, the day MS14-021 was announced.

Response to Patch Announcement Sentiment

CLICK IMAGE FOR LARGER VIEW

Also Noteworthy

Two detailed analyses of the exploit mechanism are published by HP Security Research and Sourcefire Vulnerability Research Team.

DHS CERT identifies spearphishing as the vector of the targeted attacks.

And, poor wording in our previous post suggested CVE-2014-1776 specifically increased risks to ATMsand other systems based on Windows XP, versus increased risks simply from XP end of support. But is targeting IE vulnerabilities in ATMs actually a valid risk, or just a paranoid fantasy? We enjoyed this tweet exchange.

728x90