Google Discloses Windows 10 Bug Under 'Active Attack'; Microsoft Working on Fix

On Monday, Google?s Threat Analysis Group published details of a critical vulnerability in Microsoft?s Windows 10 that allows hackers to escape security sandboxes by using a system call with win32k.sys. The reason Google chose to go public with this knowledge is because it believes the vulnerability is being ?actively exploited?.
Google had informed both Adobe and Microsoft of zero-day vulnerabilities only 10 days ago on October 21. While Adobe has already issued a patch for Flash ? which is available via auto-updater or manual install ? Microsoft has yet to send out an update for Windows 10 that blocks the use of this mechanism. And hence, as you?d expect, Microsoft isn?t happy with the disclosure.
?We believe in coordinated vulnerability disclosure, and today?s disclosure by Google puts customers at potential risk,? Microsoft conveyed to VentureBeat via a statement. ?Windows is the only platform with a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible. We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection.?
Google?s short disclosure period for "vulnerabilities under active attack" came into effect in May 2013, bringing it down from 60 days to just a week. Google noted that 7 days might be ?an aggressive timeline and may be too short for some vendors to update their products? but it justified the urgency of its disclosures by saying that it?s still enough time to inform users and give some advice.
Issuing a fix for a web plug-in such as Adobe Flash is obviously much easier than patching an operating system, which is why Google?s policy for vulnerabilities under active attack has remained controversial. For now, you should check to see Flash is updated and install Windows patches the moment Microsoft issues them.

Related posts

Latest News

The Xiaomi Redmi 4 has been rumoured and tipped for quite a while. Specification

Google, a hitherto parsimonious outsourcer of software services work, has start

WhatsApp is gradually rolling out the long anticipated contact mentions the feat

One big grouse that many have with the Apple's latest laptop -- MacBook Pro -- i

Remember Facebook?s Lifestage app, which essentially meant its social media app

Facebook will allow more content on its platform that it would have earlier remo

Sony said Tuesday its fiscal first half net profit dived owing to a sharp rally

Xolo has rolled out Android Marshmallow update Era 4G smartphone. The update is

The oft-leaked Moto M and the recently-unveiled Lenovo P2 are reportedly due to

In a bid to protect users, Google has disclosed details about a critical Windows