Skip to main content

Google exposed Windows 10 security flaw, Microsoft responded

Windows 10

Recently, it has been reported that Google’s Project Zero – a team of security analysts – has exposed a security flaw in Windows 10 as Microsoft failed to fix the issue in the allotted 90-day period. The flaw has been marked as a “high” severity problem by Microsoft, which has also rated it as an important issue rather than a critical one.


In technical terms, the latest security flaw is an “Elevation of Privilege”, which basically allows a normal user to access the administrator functionalities. Let’s say if a file is read-only, through the exploit it can be made modifiable to the unprivileged users on the system.
As per the report, the flaw – labeled ‘1428’ – has been tested on Windows 10 version 1709. The security analyst who found this bug has attached a C++ code for evidence that creates a text file in the Windows folder, overwriting the security descriptor in such a way that grants access to everyone.
The security researcher states: “Some additional notes about this issue. Firstly based on the fix for issue 1427 this only affects Windows 10, it does not affect any earlier versions of Windows such as 7 or 8.1. However, I’ve not verified that to be the case but there’s no reason to believe it’s incorrect. MS consider this to be an ‘Important’ issue, but crucially not a ‘Critical’ issue. This is because this issue is an Elevation of Privilege which allows a normal user to gain administrator privileges. However, in order to execute the exploit you’d have to already be running code on the system at a normal user privilege level. It cannot be attacked remotely (without attacking a totally separate unfixed issue to get remote code execution), and also cannot be used from a sandbox such as those used by Edge and Chrome. The marking of this issue as High severity reflects the ease of exploitation for the type of issue, it’s easy to exploit, but it doesn’t take into account the prerequisites to exploiting the issue in the first place.”
Microsoft released a fix on Patch Tuesday, but that only patched the previous ‘1427’ flaw which was also exposed by Project Zero upon Microsoft failing to fix it in the required time period as well. However, this new security flaw has yet to be fixed.
Neowin asked Microsoft in regard to the time period in which the issue would be resolved. To which the tech giant responded, “Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible.”
We would let you know when it gets patched.
For more on the technology, keep following Tech Hugger..

Comments

Post a Comment

Popular posts from this blog

Develop your own game by learning these free courses

We recently recommended courses you should learn before you will launch your first startup in order to avoid some common mistakes. In Quick Tips today, we’ll recommend you some free courses that will help you make your first game and begin your career as a developer. Before we highlight the details of the courses you ought to take, here are some introductory courses which will prepare you to learn these courses more effectively; Java Programming Basics  – Prepare yourself for programming on Android and the Web Introduction to JavaScript  – Create animations and understand variables and strings. When you have gone through those courses above then proceed to ones given below to develop your first game: 1. Create a 2048 game in just 1 day For those who have zero experience in programming and don’t want to take the above courses, then enroll in this course from Udacity. You will learn the basics of HTML and CSS as well as their interaction with JavaScript. ...
Post a Comment
Read more

The upgraded Google News app is now available on iOS and Android

One of the more intriguing announcements at Google IO 2018 was of  a new Google News app  to take the place of the Google Play NewsStand, which was initially launched in 2013.  After describing the new Google News app  in a dedicated page for the app on its website, Google has now officially released the app on the  App Store  and  Google Play . Google Play NewsStand was used as a resource to get news around the world. The news would be of every category, even the news which doesn’t interest the user. Whereas with this new Google news app, the artificial intelligence of Google shows you the news you want to see, which you usually search for on Google. According to Google , the Google News app now  “uses a new set of AI techniques to take a constant flow of information as it hits the web, analyze it in real time and organize it into storylines.”  Artificial intelligence(AI) gives the app an ability to process and sort the news from...
Post a Comment
Read more

Huawei Mate 10 Pro: A Premium Flagship With Some Odd Omissions

When Huawei had launched, they were known as a brand that mostly dealt with budget smartphones and even their flagships were not up to the standards that people expected at that time. However, times have now changed and leading the innovation front nowadays is Huawei. A few of their flagships in the recent year or so have been nothing short of impressive but this year’s Mate 10 line up has changed the brand image forever and consumers now know that Huawei is a serious market player and should not be taken lightly. We’ve already reviewed the  Mate 10 Lite and there was a lot to like about that phone. Today we have with us the most expensive one of the bunch, the Mate 10 Pro. For a more in-depth review and understanding of various Mate 10 Pro features, do watch the video review linked below. Design Like most of the flagships in the industry, Huawei also makes use of some premium material on the Mate 10 Pro. You have curved Gorilla Glass on the front and back and where th...
Post a Comment
Read more