Windows kernel This vulnerability allows attackers to escalate local privileges in the the secure “sandbox” due to an error in the win32k.sys file. As a rule, after discovering a vulnerability, information security specialists give developers 90 days to fix the problem, or at least 60 days if the problem is critical. However, this time Google specialists wait a little more than a week, since attackers are already exploiting the discover vulnerability.
In 2013, Google adopt a new Windows kernel
Security policy that allows the catalan email list 100000 contact leads company to disclose vulnera bilities in other products seven days after they are report to developers. Some researchers have criticiz Google’s policy, saying it is too short a time frame to properly patch complex vulnerabilities.
It is impossible to know from
Google’s publication how exactly computers are hack using this vulnerability, but the fact that it was disclos could prompt cybercriminals to search for additional information and detail instructions on how to hack.
The issue was discover on October 21, after which the Google Threat Analysis Group team immiately notifi Microsoft. Despite this, Microsoft has not yet releas a fix that would eliminate the error in the win32k.sys file. It should be not that the vulnerability was also discover in Adobe software on the same day, but this company releas a corresponding update for Flash on October 26.
This isn’t the first time
Google has disclos aero leads information about Windows vulnerabilities before Microsoft releases updates. For example, two years ago, Google releas details about a critical issue in Windows 8.1.
Microsoft was not happy with would you like to supersize Google’s publication this time either. VentureBeat quotes a Rmond company representative as saying: “Today’s disclosure of a vulnerability on Google’s blog poses a potential risk to customers. We recommend our customers use Windows 10 and the Microsoft ge browser for the best protection.”