There's good reason to be careful, too. In elaborating Google's warning about active exploits, Microsoft reports that a group nicknamed Strontium has used the vulnerabilities in both Windows and Adobe Flash to run a "low-volume" phishing campaign. You probably won't be targeted by that group, but that's not the point. The company is concerned that attacks are not only in the wild, but that other hacking teams may take advantage of the data to launch their own hostile code. A week can be a long time in the security world, after all. While there's a chance that Google's rapid-fire public disclosure accelerated the patch, it might well have exposed people to unnecessary danger.

Update: A Microsoft spokesperson sent over the following statement, disagreeing with Google's initial characterization of the flaw.



Microsoft: