SAN FRANCISCO — Hackers took advantage of an Equifax security vulnerability two months after an industry group discovered Vulnerability-related.DiscoverVulnerability the coding flaw and shared Vulnerability-related.PatchVulnerability a fix for it , raising questions about why Equifax did n't update Vulnerability-related.PatchVulnerability its software successfully when the danger became known . A week after Equifax revealed one of the largest breaches Attack.Databreach of consumers ' private financial data in history — 143 million consumers and access Attack.Databreach to the credit-card data of 209,000 — the industry group that manages the open source software in which the hack occurred blamed Equifax . `` The Equifax data compromise Attack.Databreach was due to ( Equifax 's ) failure to install the security updates provided Vulnerability-related.PatchVulnerability in a timely manner , '' The Apache Foundation , which oversees the widely-used open source software , said in a statement Thursday . Equifax told USA TODAY late Wednesday the criminals who gained access Attack.Databreach to its customer data exploited Vulnerability-related.DiscoverVulnerability a website application vulnerability known as Vulnerability-related.DiscoverVulnerability Apache Struts CVE-2017-5638 . The vulnerability was patched Vulnerability-related.PatchVulnerability on March 7 , the same day it was announced Vulnerability-related.DiscoverVulnerability , The Apache Foundation said . Cybersecurity professionals who lend their free services to the project of open-source software — code that 's shared by major corporations and that 's tested and modified by developers working at hundreds of firms — had shared their discovery with the industry group , making the risk and fix known to any company using the software . Modifications were made on March 10 , according to the National Vulnerability Database . But two months later , hackers took advantage of the vulnerability to enter the credit reporting agency 's systems : Equifax said the unauthorized access began in mid-May . Equifax did not respond to a question Wednesday about whether the patches were applied Vulnerability-related.PatchVulnerability , and if not , why not . `` We continue to work with law enforcement as part of our criminal investigation and have shared indicators of compromise with law enforcement , '' it said . It should have have acted faster to successfully deal with the problem , other cybersecurity professionals said . `` They should have patched Vulnerability-related.PatchVulnerability it as soon as possible , not to exceed a week . A typical bank would have patched Vulnerability-related.PatchVulnerability this critical vulnerability within a few days , ” said Pravin Kothari , CEO of CipherCloud , a cloud security company . Federal regulators are now investigating whether Equifax is at fault . The Federal Trade Commission and the Consumer Financial Protection Bureau have said they 've opened probes into the hack . So far dozens of state attorneys general are investigating the breach , and on Tuesday Massachusetts Attorney General Maura Healey said she plans to sue the company for violating state consumer protection laws . More than 23 class-action lawsuits against the company have also been proposed . Proof that Equifax failed to protect customers , particularly when it had the tools and information to do so , is likely to further damage Equifax 's financial outlook . Shares fell 2.5 % Thursday after news of the FTC probe and are down 33 % since it revealed the link .

Yesterday , on Microsoft ’ s Patch Tuesday the company released Vulnerability-related.PatchVulnerability its monthly security patches that fixed Vulnerability-related.PatchVulnerability 62 security flaws . These fixes also included a fix for a zero-day vulnerability that was under active exploitation before these patches were made available Vulnerability-related.PatchVulnerability . Microsoft also announced the re-release of its Windows 10 version 1809 and Windows Server 2019 . Microsoft credited Kaspersky Lab researchers for discovering Vulnerability-related.DiscoverVulnerability this zero-day , which is also known as Vulnerability-related.DiscoverVulnerability CVE-2018-8589 and impacts Vulnerability-related.DiscoverVulnerability the Windows Win32k component . A Kaspersky spokesperson told ZDNet , “ they discovered Vulnerability-related.DiscoverVulnerability the zero-day being exploited Vulnerability-related.DiscoverVulnerability by multiple cyber-espionage groups ( APTs ) . ” The zero-day had been used to elevate privileges on 32-bit Windows 7 versions . This is the second Windows elevation of privilege zero-day patched Vulnerability-related.PatchVulnerability by Microsoft discovered Vulnerability-related.DiscoverVulnerability by Kaspersky researchers . Last month , Microsoft patched Vulnerability-related.PatchVulnerability CVE-2018-8453 , another zero-day that had been used by a state-backed cyber-espionage group known as FruityArmor . However , in this month ’ s Patch Tuesday , Microsoft has not patched Vulnerability-related.PatchVulnerability a zero-day that is affecting Vulnerability-related.DiscoverVulnerability the Windows Data Sharing Service ( dssvc.dll ) . This zero-day was disclosed Vulnerability-related.DiscoverVulnerability on Twitter at the end of October . According to ZDNet , “ Microsoft has published this month a security advisory to instruct users on how to properly configure BitLocker when used together with solid-state drives ( SSDs ) . ” As reported by Microsoft , the Windows 10 October 2018 update caused user ’ s data loss post updating . Due to this , the company decided to pause the update . However , yesterday , Microsoft announced that it is re-releasing Windows 10 version 1809 . John Cable , the director of Program Management for Windows Servicing and Delivery at Microsoft said , “ the data-destroying bug that triggered that unprecedented decision , as well as other quality issues that emerged during the unscheduled hiatus , have been thoroughly investigated and resolved. ” Microsoft also announced the re-release of Windows Server 2019 , which was affected Vulnerability-related.DiscoverVulnerability by the same issue . According to ZDNet , “ The first step in the re-release is to restore the installation files to its Windows 10 Download page so that “ seekers ” ( the Microsoft term for advanced users who go out of their way to install a new Windows version ) can use the ISO files to upgrade PCs running older Windows 10 versions. ” Michael Fortin , Windows Corporate Vice President , in a blog post , offered some context behind the recent issues and announced changes to the way the company approaches communications and also the transparency around their process . Per Fortin , “ We obsess over these metrics as we strive to improve product quality , comparing current quality levels across a variety of metrics to historical trends and digging into any anomaly. ” To know more about this in detail , visit Microsoft ’ s official blog post .