Jump to content

Recommended Posts

Posted

Yesterday, we reported on a critical zero-day Windows vulnerability which is being actively exploited, and Microsoft has now given further details on this flaw (which was first revealed by Google) and assured users that it will be patched next week.

According to Terry Myerson, Executive VP, Windows and Devices Group at Microsoft, the company has coordinated efforts with Google and Adobe (there was also a Flash vulnerability highlighted) to concoct a patch for all versions of Windows.

This patch is now being tested, and will be rolled out next Tuesday, November 8.

As we noted yesterday, Microsoft wasn’t happy with Google’s public disclosure of the issue before a fix was implemented, and Myerson said: “Google’s decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing, and puts customers at increased risk.”

Strontium dogs

Apparently the flaw has been actively used in a small-scale spear phishing campaign by a group called Strontium – more commonly known as ‘Fancy Bear’ these days, an organisation responsible for some high-profile hacks in the US targeting the likes of government agencies and other authorities.

Microsoft also took the time to clarify that those using the Edge browser with Windows 10 Anniversary Update are protected from the current strains of this attack spotted in the wild.

Yesterday, Google also noted that those running Chrome on Windows 10 were similarly protected.

The flaw itself was described by Google as a “local privilege escalation in the Windows kernel that can be used as a security sandbox escape”, meaning it allows an attacker to get around the system’s security sandbox in order to execute malicious code on the target machine.

Via: ZDNet

seyS-b6OwA8

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.