News

Microsoft closes leak in Windows discovered by Google

By admin
Spread the love

Microsoft has released a patch for a Windows vulnerability that Google published last week. Malicious persons could obtain a private escalation through that leak. The vulnerability is actively exploited through spearphishing attacks.

The patch’s security bulletin is labeled MS16-135, and the update addresses a vulnerability in nearly all supported versions of Windows, starting with Vista. Only users of Windows 10 Anniversary Update in combination with a browser that has been updated to the latest version are not vulnerable.

In its security bulletin, Microsoft states that the update addresses multiple vulnerabilities for increasing privileges. The privilege escalation was possible because of errors in the way the kernel was accessing memory addresses. An attacker was able to circumvent the address space layout randomization with an exploit. To exploit this, the attacker would have to trick a logged-in user into installing a specially crafted application.

Google revealed the vulnerability last week, along with another component that could be used in an attack, related to a vulnerability in Adobe’s Flash. Microsoft criticized Google for the short period between discovery and publishing: Microsoft was given ten days to release a patch. According to Microsoft, the zero-day was actively abused, albeit on a small scale, by a Russian group that was also responsible for politically oriented attacks in the US.

You might also like
News

Rumor: Apple is working on its own applications based on a large language model

News

Netflix is ​​also discontinuing the Basic subscription in the US and UK

News

Blizzard will release certain games via Steam, starting with Overwatch 2

News

EU Council determines position on security requirements for digital products

News

Microsoft and Activision Blizzard postpone acquisition deadline until October

News

Citrix warns of critical vulnerability in NetScaler ADC and Gateway