By S. Rina, | November 01, 2016
Google's Threat Analysis Group reported that it has detected the Flash and Windows bugs last month. (Pixabay)
Google has revealed a Windows bug that it communicated to Microsoft in October. However, the bug remains unpatched, allowing hackers to exploit the vulnerability.
The bug belongs to a local privilege escalation in the Windows kernel. The bug can potentially be used as a security sandbox escape.
Like Us on Facebook
Google's Threat Analysis Group reported that it detected the Flash and Windows bugs last month. These vulnerabilities were promptly reported to Adobe and Microsoft. While Adobe has already patched the bug, Microsoft is yet to take any step to safeguard its platform. The Google group said that the bug is being actively exploited.
Google provided details about the flaw stating that it can be triggered using the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD. Google researchers explained that they are required to make public disclosure of the vulnerabilities found in the timeline provided by the company guidelines. Google requires that all bugs should be disclosed seven days after their communication to the developer.
According to Venture Beat, Microsoft has responded by claiming that Google disclosure "puts customers at potential risk." The company also said that it believes in "coordinated vulnerability disclosure." The bug was communicated to Microsoft on October 21. However, no patch has been released so far by Microsoft. The company also did not provide any probable date for the release of the patch.
In 2015, Google similarly disclosed Windows bugs before the patch for them was released. However, unlike this time, the earlier bugs were not getting actively exploited.
-
Use of Coronavirus Pandemic Drones Raises Privacy Concerns: Drones Spread Fear, Local Officials Say
-
Coronavirus Hampers The Delivery Of Lockheed Martin F-35 Stealth Fighters For 2020
-
Instagram Speeds Up Plans to Add Account Memorialization Feature Due to COVID-19 Deaths
-
NASA: Perseverance Plans to Bring 'Mars Rock' to Earth in 2031
-
600 Dead And 3,000 In The Hospital as Iranians Believed Drinking High-Concentrations of Alcohol Can Cure The Coronavirus
-
600 Dead And 3,000 In The Hospital as Iranians Believed Drinking High-Concentrations of Alcohol Can Cure The Coronavirus
-
COVID-19: Doctors, Nurses Use Virtual Reality to Learn New Skills in Treating Coronavirus Patients