On Monday, Google?s Threat Analysis Group published details of a critical vulnerability in Microsoft?s Windows 10 that allows hackers to escape security sandboxes by using a system call with win32k.sys. The reason Google chose to go public with this knowledge is because it believes the vulnerability is being ?actively exploited?.
Google had informed both Adobe and Microsoft of zero-day vulnerabilities only 10 days ago on October 21. While Adobe has already issued a patch for Flash ? which is available via auto-updater or manual install ? Microsoft has yet to send out an update for Windows 10 that blocks the use of this mechanism. And hence, as you?d expect, Microsoft isn?t happy with the disclosure.
?We believe in coordinated vulnerability disclosure, and today?s disclosure by Google puts customers at potential risk,? Microsoft conveyed to VentureBeat via a statement. ?Windows is the only platform with a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible. We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection.?
Google?s short disclosure period for "vulnerabilities under active attack" came into effect in May 2013, bringing it down from 60 days to just a week. Google noted that 7 days might be ?an aggressive timeline and may be too short for some vendors to update their products? but it justified the urgency of its disclosures by saying that it?s still enough time to inform users and give some advice.
Issuing a fix for a web plug-in such as Adobe Flash is obviously much easier than patching an operating system, which is why Google?s policy for vulnerabilities under active attack has remained controversial. For now, you should check to see Flash is updated and install Windows patches the moment Microsoft issues them.
Apple wants to move the internet from your pocket to your wrist. Time will tell
Fcebook has announced a new feature that will enable users to interact further w
Acer has launched its Revo Base mini PC at a pre IFA 2016 event. The company cla
Google might be testing a redesigned Chrome browser for Android smartphones that
Uber Technologies Inc said on Tuesday it would partner with car-sharing service
The world's largest IT storage company EMC, is in the race for developing smart
Xiaomi's Mi Note 2 smartphone has been rumoured for quite some time now. The una
India is one of the fastest growing markets for Google's enterprise business and
Leading Indian tech-giant Tata Consultancy Services, today announced that its UK
Information and communications technology (ICT) solutions provider Huawei launch