Google Discloses Windows 10 Bug Under 'Active Attack'; Microsoft Working on Fix

On Monday, Google?s Threat Analysis Group published details of a critical vulnerability in Microsoft?s Windows 10 that allows hackers to escape security sandboxes by using a system call with win32k.sys. The reason Google chose to go public with this knowledge is because it believes the vulnerability is being ?actively exploited?.
Google had informed both Adobe and Microsoft of zero-day vulnerabilities only 10 days ago on October 21. While Adobe has already issued a patch for Flash ? which is available via auto-updater or manual install ? Microsoft has yet to send out an update for Windows 10 that blocks the use of this mechanism. And hence, as you?d expect, Microsoft isn?t happy with the disclosure.
?We believe in coordinated vulnerability disclosure, and today?s disclosure by Google puts customers at potential risk,? Microsoft conveyed to VentureBeat via a statement. ?Windows is the only platform with a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible. We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection.?
Google?s short disclosure period for "vulnerabilities under active attack" came into effect in May 2013, bringing it down from 60 days to just a week. Google noted that 7 days might be ?an aggressive timeline and may be too short for some vendors to update their products? but it justified the urgency of its disclosures by saying that it?s still enough time to inform users and give some advice.
Issuing a fix for a web plug-in such as Adobe Flash is obviously much easier than patching an operating system, which is why Google?s policy for vulnerabilities under active attack has remained controversial. For now, you should check to see Flash is updated and install Windows patches the moment Microsoft issues them.

Related posts

Latest News

Micromax has experimented with phones in multiple price segments, either directl

Sony has launched the new KD-65Z9D 4K HDR TV in India, with a price tag of Rs. 5

This week didn't look good for Apple. Google's new Pixel phone launched to posit

Global tech giant Samsung has expanded its range of Chrome OS powered laptops b

Dell moved to the No 1 spot for server shipments in the second quarter of 2016,

HCP market in India dropped 4.7% sequentially in the second quarter of 2016 and

When the PlayStation VR goes on sale Thursday, it won't just be a test for Sony.

Microsoft at its October 26 NYC event introduced an upgraded version of its Surf

San Francisco: Microsoft on Wednesday unveiled its "Teams" tool for workplace co

Sony Corp cut its annual profit outlook due to losses related to the sale of its