قالب وردپرس درنا توس
Home / Technology / Google reveals a new Windows zero-day vulnerability, allegedly under active attack – TechCrunch

Google reveals a new Windows zero-day vulnerability, allegedly under active attack – TechCrunch



Google It deleted details of previously undisclosed vulnerabilities in Windows, which hackers are said to be actively exploiting. As a result, Google gave Microsoft only one week to fix the vulnerability. This deadline has come and gone, and Google released details of the vulnerability this afternoon.

The vulnerability has no name, but is labeled CVE-2020-17087, and affects at least Windows 7 and Windows 10.

Google’s Project Zero is an elite group that discovered a security vulnerability. They said the vulnerability allows attackers to increase their user access levels in Windows. Attackers are using the Windows vulnerability in conjunction with a separate bug in Chrome, which Google disclosed and fixed last week. This new bug allows attackers to escape the Chrome sandbox that is usually isolated from other applications and run malware on the operating system.

Ben Hawkes, the technical lead of Project Zero, said in a tweet that Microsoft plans to release a patch on November 1

0.

Microsoft It did not independently confirm the date at the time of inquiry, but stated in the statement: “Microsoft has customers’ commitment to investigate reported security issues and update affected devices to protect customers. In our efforts to meet all researchers’ disclosure deadlines (including this) In this case, the short-term deadline), while developing security updates is to strike a balance between timeliness and quality, our ultimate goal is to help ensure maximum protection of customers and minimize customer interference.”

But it is not clear who the attackers were or their motives. Google Threat Intelligence Director Shane Huntley said the attack was “targeted” and had nothing to do with the US election.

A Microsoft spokesperson added that the reported attacks were “very limited and targeted in nature, and we have no evidence of widespread use.”

This is the latest vulnerability in the list of major vulnerabilities affecting Windows this year. Microsoft said in January that the National Security Agency helped find an encryption error in Windows 10, although there is no evidence of an exploited vulnerability. But in June and September, the Department of Homeland Security issued alerts for two “critical” Windows errors-one that can be spread on the Internet, and the other has full access to the entire Windows network.

It has been updated with comments from Microsoft.




Source link