from PopSci.com.au: Buggy software
isn't just annoying; the right compromised code can leave private
information vulnerable to clever hackers for as long as the problem is
unnoticed. The only thing that could make bugs worse? Government
agencies gaining access to the vulnerabilities before everyone else, and
using spies to exploit them.

Before Microsoft releases a public patch to a
software bug, it passes along that information to U.S. intelligence
agencies, say two sources familiar with the program.
Best-case scenario, this information is used to protect critical
government online infrastructure first, making sure that vital functions
are the most secure. The official line from Microsoft is that this
gives government "an early start" in stopping risks. But it also gives
government agencies a window to exploit these gaps for intelligence

Microsoft software is both widely used and infamous for its bugs. Just this week, Microsoft released a patch designed to cover an image file exploit that let hackers look at special information. Disclosed in May,
there's an exploit in Microsoft Office that could give an attacker a
foot in the door to gaining full access to the attacked computer.
Microsoft is a huge company; that there are constantly new bugs being
discovered isn't that surprising. Sometimes major software is released
with "day-zero" bugs, like Internet Explorer 8, or Windows 8, or every version of Windows ever. It's a problem for all of the online world that uses Windows, and leaves an insecure ecosystem of software.

It's one thing to struggle with a product full of security
vulnerabilities and potential for exploits. Handing that information
over to the government first? Forget PRISM, this is real super-villain stuff.