CheeseMan42 Posted November 1, 2016 Posted November 1, 2016 Google has revealed a critical security exploit that impacts Windows systems, ten days after informing Microsoft of the exploit. However, Microsoft has not yet issued a patch for the vulnerability which is described as "a local privilege escalation in the Windows kernel that can be used as a security sandbox escape." The vulnerability is being actively exploited which "means attackers have already written code for this specific security hole and are using it to break into Windows systems." Microsoft is not happy that Google revealed the exploit before it had a chance to fix it, with a spokesperson stating "We believe in coordinated vulnerability disclosure, and today’s disclosure by Google puts customers at potential risk." Executive VP of the Windows and Devices group Terry Myerson added that the vulnerability doesn't impact Windows 10 Anniversary Update users and that a fix is expected on November 8. Source: Venture Beat Back to original news post Share this post Link to post Share on other sites More sharing options...
Randxalthor Posted November 2, 2016 Posted November 2, 2016 This is only news because Microsoft is trying to shift blame to Google. It has been Google's standard procedure to disclose vulnerabilities that already have active exploits in the wild 7 days after disclosing to the vendor. It's the ethical thing to do, as everyone is already at risk, and it lets security companies everywhere know to start compensating for the vulnerability until it is patched. Share this post Link to post Share on other sites More sharing options...
Recommended Posts