In March 2014, we observed a patched Adobe Flash vulnerability (CVE-2015-0336) being exploited in the wild. Adobe released the patch on March 12, 2014, and exploit code using this vulnerability first appeared about a week later. To help stay protected: Keep your Microsoft security software, such as Windows Defender for Windows 8.1 up-to-date.
A vulnerability disclosure, as the term is used in the Microsoft Security Intelligence Report, is the revelation of a software vulnerability to the public at large. Disclosures can come from a variety of sources, including publishers of the affected software, security software vendors, independent security researchers, and even malware creators.
One of the questions I get asked from time to time is about the days of risk between the time that a vulnerability is disclosed and when we first see active exploitation of it; i.e. how long do organizations have to deploy the update before active attacks are going to happen?
Back in April I published a post about the end of support for Windows XP called The Countdown Begins: Support for Windows XP Ends on April 8, 2014.
