News
Microsoft will not clarify whether it has suffered spyware attacks
The exploited vulnerabilities affected two of the most popular open-source libraries.
- October 6, 2023
- Updated: July 2, 2025 at 1:02 AM
Microsoft has recently released patches to fix vulnerabilities in two popular open-source libraries used in many of its products, such as Skype, Teams, and the Edge internet browser. These vulnerabilities could have been exploited by zero-day spyware to steal data from infected users. Although Microsoft has attempted to promptly cover any security loopholes, the company has not made any official statements or explanations regarding whether these vulnerabilities have been exploited. There has been no indication whether the company is aware of any instances where spyware might have entered any of the applications. Similarly, Sony has also refrained from making statements in this regard.
Incredibly dangerous vulnerabilities
Both vulnerabilities were discovered about a month ago and were exploited through spyware programs, as explained by researchers from Google and Citizen Lab. These vulnerabilities exist in the webp and libvpx libraries, both integrated into browsers, applications, and smartphones to process various multimedia files. Due to their widespread use, these vulnerabilities compromised the security of multiple applications almost entirely. A warning was quickly issued, urging all potential targets to update their products and enhance security measures.
In a brief statement on October 2nd, Microsoft publicly announced that the zero-day vulnerabilities had been fixed and that a security layer had been integrated into all their products. Microsoft acknowledged that these vulnerabilities were indeed present in both libraries. However, when asked if these vulnerabilities had been exploited and if any systems had been attacked, the Microsoft representative declined to answer the question. To some extent, this decision makes sense, as alarming users at this point might not be helpful. However, on the other hand, it is crucial for the affected individuals (if any) to know the extent to which their security or sensitive information has been compromised.
Latest from Guillermo Proupín
You may also like
NewsBungie announces a new beta for Marathon, although analysts are not very sure about the game's future
Read more
NewsThe developers of Vampire: The Masquerade — Bloodlines 2 did not want to call their game Bloodlines
Read more
NewsA player wants to check if the players of Arc Raiders are really peaceful… playing completely naked
Read more
NewsThe developers of Helldivers 2 are working on their new game and already have a clear idea of what it will be like
Read more
NewsCarrie by Mike Flanagan promises to be the most faithful adaptation of Stephen King's novel to date
Read more
NewsTwenty years ago, the series premiered on HBO that would pave the way for Game of Thrones and The Last of Us
Read more