Microsoft: Google's early publication of Windows vulnerability poses user risk
Microsoft has criticized Google's early publication of a critical Windows vulnerability. Google described the vulnerability on its blog ten days after reporting it to Microsoft. The vulnerability is said to be actively exploited by malicious parties.
Microsoft said in a statement to VentureBeat that “it believes in coordinated vulnerability reporting and its publication by Google poses a potential risk to users.” Google describes the vulnerability on its own security blog. There, the company states that it reported zero-day vulnerabilities to both Adobe and Microsoft on October 21. Five days later, Adobe released a patch for the Flash vulnerability identified as CVE-2016-7855. Microsoft did not release a patch.
Google goes on to say that it has therefore proceeded to publish, in line with its policy for reporting vulnerabilities that are in active use. Under that policy, the search giant gives vendors seven days to develop a patch instead of the usual sixty. The Windows vulnerability is a local privilege escalation that allows an attacker who already has code running on the machine to escape the sandbox. Google also names the win32k.sys system call through which the vulnerability can be triggered, but does not go into further details.
Sources tell VentureBeat that the Windows vulnerability can only be used in conjunction with the Flash vulnerability. Google recommends that users update Flash and install Windows patches as they become available.