Google has revealed a major vulnerability in Microsoft Windows that puts users at risk. The announcement came on Monday, 10 days after the flaw was officially reported to Microsoft. Google said it went public because Microsoft didn’t issue a fix or acknowledge the vulnerability in its operating system.
In a blog post, Google said the security issue is being actively exploited and had to be made public under its policy of giving companies 7 days to fix discovered security issues that are being actively exploited.
“After 7 days, per our published policy for actively exploited critical vulnerabilities, we are today disclosing the existence of a remaining critical vulnerability in Windows for which no advisory or fix has yet been released. This vulnerability is particularly serious because we know it is being actively exploited.”
According to the report by Google, a Windows file called Win32k.sys, one of the files needed for displaying graphics, can be exploited by hackers to create a “security sandbox escape.” Once exploited, this can be used to gain access to other unrelated computer functions to disrupt normal operations.
However, Microsoft doesn’t appear to be particularly pleased with this disclosure. In a statement released to the BBC, Microsoft said:
“We disagree with Google’s characterisation of a local elevation of privilege as ‘critical’ and ‘particularly serious’ since the attack scenario they describe is fully mitigated by the deployment of the Adobe Flash update released last week. Additionally, our analysis indicates that this specific attack was never effective in the Windows 10 Anniversary Update due to security enhancements previously implemented.”