Skip to main content

Google exposed Windows 10 security flaw, Microsoft responded

Windows 10

Recently, it has been reported that Google’s Project Zero – a team of security analysts – has exposed a security flaw in Windows 10 as Microsoft failed to fix the issue in the allotted 90-day period. The flaw has been marked as a “high” severity problem by Microsoft, which has also rated it as an important issue rather than a critical one.


In technical terms, the latest security flaw is an “Elevation of Privilege”, which basically allows a normal user to access the administrator functionalities. Let’s say if a file is read-only, through the exploit it can be made modifiable to the unprivileged users on the system.
As per the report, the flaw – labeled ‘1428’ – has been tested on Windows 10 version 1709. The security analyst who found this bug has attached a C++ code for evidence that creates a text file in the Windows folder, overwriting the security descriptor in such a way that grants access to everyone.
The security researcher states: “Some additional notes about this issue. Firstly based on the fix for issue 1427 this only affects Windows 10, it does not affect any earlier versions of Windows such as 7 or 8.1. However, I’ve not verified that to be the case but there’s no reason to believe it’s incorrect. MS consider this to be an ‘Important’ issue, but crucially not a ‘Critical’ issue. This is because this issue is an Elevation of Privilege which allows a normal user to gain administrator privileges. However, in order to execute the exploit you’d have to already be running code on the system at a normal user privilege level. It cannot be attacked remotely (without attacking a totally separate unfixed issue to get remote code execution), and also cannot be used from a sandbox such as those used by Edge and Chrome. The marking of this issue as High severity reflects the ease of exploitation for the type of issue, it’s easy to exploit, but it doesn’t take into account the prerequisites to exploiting the issue in the first place.”
Microsoft released a fix on Patch Tuesday, but that only patched the previous ‘1427’ flaw which was also exposed by Project Zero upon Microsoft failing to fix it in the required time period as well. However, this new security flaw has yet to be fixed.
Neowin asked Microsoft in regard to the time period in which the issue would be resolved. To which the tech giant responded, “Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible.”
We would let you know when it gets patched.
For more on the technology, keep following Tech Hugger..

Comments

Post a Comment

Popular posts from this blog

Develop your own game by learning these free courses

We recently recommended courses you should learn before you will launch your first startup in order to avoid some common mistakes. In Quick Tips today, we’ll recommend you some free courses that will help you make your first game and begin your career as a developer. Before we highlight the details of the courses you ought to take, here are some introductory courses which will prepare you to learn these courses more effectively; Java Programming Basics  – Prepare yourself for programming on Android and the Web Introduction to JavaScript  – Create animations and understand variables and strings. When you have gone through those courses above then proceed to ones given below to develop your first game: 1. Create a 2048 game in just 1 day For those who have zero experience in programming and don’t want to take the above courses, then enroll in this course from Udacity. You will learn the basics of HTML and CSS as well as their interaction with JavaScript. ...
Post a Comment
Read more

Honda Launches the CR-V SUV in Pakistan

The 2018 Honda CR-V has been launched in Pakistan and it looks charming. Honda has finally launched the 2018 Honda CR-V in Pakistan. This Sports Utility Vehicle (SUV) has proven to be pretty popular around the world with an average of 300,000 units sold annually. In Pakistan, the Honda CR-V is gaining the popularity and attention of local auto enthusiasts. Honda CR-V 2018 was recognized as ‘2018 Motor Trend SUV of the year’ recently as well. The international model of CR-V has these four variants: Honda CR-V LX (Standard), Honda CR-V EX, Honda CR-V EX-L, Honda CR-V Touring. The CR-V offers pretty great features when you look at it. Let's take a look at what Honda Compact Recreational Vehicle (CR-V) has to offer. Exterior Because of its shiny new sporty-looking exterior, the vehicle is placed in small sports utility vehicle’s category. The exterior, no doubt, makes you want to look twice as some modifications to the previous model have been made. ...
Post a Comment
Read more

The upgraded Google News app is now available on iOS and Android

One of the more intriguing announcements at Google IO 2018 was of  a new Google News app  to take the place of the Google Play NewsStand, which was initially launched in 2013.  After describing the new Google News app  in a dedicated page for the app on its website, Google has now officially released the app on the  App Store  and  Google Play . Google Play NewsStand was used as a resource to get news around the world. The news would be of every category, even the news which doesn’t interest the user. Whereas with this new Google news app, the artificial intelligence of Google shows you the news you want to see, which you usually search for on Google. According to Google , the Google News app now  “uses a new set of AI techniques to take a constant flow of information as it hits the web, analyze it in real time and organize it into storylines.”  Artificial intelligence(AI) gives the app an ability to process and sort the news from...
Post a Comment
Read more