Google Discloses Windows 10 Bug Under 'Active Attack'; Microsoft Working on Fix

Highlights
  • Windows 10 vulnerability involves a win32k.sys system call
  • Google said it's being "actively exploited"
  • Microsoft is unhappy with Google going public before patch

On Monday, Google’s Threat Analysis Group published details of a critical vulnerability in Microsoft’s Windows 10 that allows hackers to escape security sandboxes through a win32k.sys system call. Google chose to go public because it believes the vulnerability is being “actively exploited”.

Google had informed both Adobe and Microsoft of the zero-day vulnerabilities only 10 days ago, on October 21. While Adobe has already issued a patch for Flash – which is available via auto-updater or manual install – Microsoft has yet to send out an update for Windows 10 that blocks the use of this mechanism. As you’d expect, Microsoft isn’t happy with the disclosure.

“We believe in coordinated vulnerability disclosure, and today’s disclosure by Google puts customers at potential risk,” Microsoft conveyed to VentureBeat via a statement. “Windows is the only platform with a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible. We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection.”

Google’s short disclosure period for "vulnerabilities under active attack" came into effect in May 2013, bringing it down from 60 days to just a week. Google noted that 7 days might be “an aggressive timeline and may be too short for some vendors to update their products” but it justified the urgency of its disclosures by saying that it’s still enough time to inform users and give some advice.

Issuing a fix for a web plug-in such as Adobe Flash is obviously much easier than patching an operating system, which is why Google’s policy for vulnerabilities under active attack has remained controversial. For now, you should check that Flash is updated and install Windows patches the moment Microsoft issues them.

Akhil Arora covers entertainment for Gadgets 360, interviewing stars such as Christian Bale and Anurag Kashyap, covering series premieres, product and service launches across the globe, and looking at American blockbusters and Indian dramas from a global socio-political and feminist perspective. As a Rotten Tomatoes-certified film critic, Akhil has reviewed over 150 movies and TV shows in over half a decade at Gadgets 360. When he is not completely caught up with new film and TV releases, Akhil ...More