On Monday, Google?s Threat Analysis Group published details of a critical vulnerability in Microsoft?s Windows 10 that allows hackers to escape security sandboxes by using a system call with win32k.sys. The reason Google chose to go public with this knowledge is because it believes the vulnerability is being ?actively exploited?.
Google had informed both Adobe and Microsoft of zero-day vulnerabilities only 10 days ago on October 21. While Adobe has already issued a patch for Flash ? which is available via auto-updater or manual install ? Microsoft has yet to send out an update for Windows 10 that blocks the use of this mechanism. And hence, as you?d expect, Microsoft isn?t happy with the disclosure.
?We believe in coordinated vulnerability disclosure, and today?s disclosure by Google puts customers at potential risk,? Microsoft conveyed to VentureBeat via a statement. ?Windows is the only platform with a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible. We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection.?
Google?s short disclosure period for "vulnerabilities under active attack" came into effect in May 2013, bringing it down from 60 days to just a week. Google noted that 7 days might be ?an aggressive timeline and may be too short for some vendors to update their products? but it justified the urgency of its disclosures by saying that it?s still enough time to inform users and give some advice.
Issuing a fix for a web plug-in such as Adobe Flash is obviously much easier than patching an operating system, which is why Google?s policy for vulnerabilities under active attack has remained controversial. For now, you should check to see Flash is updated and install Windows patches the moment Microsoft issues them.
Lenovo India started rolling out an update to the Vibe K5 Note that brings 4G Vo
The tablet market shrank in the recently-ended quarter, as shipments of bargain-
Sony may have broke the news during its E3 presser that GTA 5 is headed to the P
South Korea's LG Display Co Ltd on Wednesday said it expects strong fourth-quart
Acer has launched its Revo Base mini PC at a pre IFA 2016 event. The company cla
US tech giant Dell has expanded its product line-up in India with the launch of
Xolo has rolled out Android Marshmallow update Era 4G smartphone. The update is
Indian smartphone maker Zen Mobiles has launched its latest budget 3G smartphone
Putting a premium on premium, HP has overhauled its flagship Envy and Spectre de
The Events app tailored for iPhones hit Apple's online shop, with a version "com