Google’s Project Zero security team has discovered a security bug in every version of the Windows operating system. The team, which is comprised of top vulnerability hunters, has notified Microsoft of the bug and Microsoft is now urging Windows 7 to Windows 10 users to practice caution.
The Project Zero security team found the bug within the Windows Kernel Cryptography Driver. According to them, the vulnerability allows attackers to gain admin-level control of targeted Windows computers and escalate the privileges they have when accessing a Windows machine.
Microsoft initially gave Google’s Project Zero seven days to patch the bug, after which Google will publish further details. Ultimately, Project Zero failed to issue a security patch within the restrictive timeframe so Google went ahead to publish details of the zero-day vulnerability.
Microsoft said that while the ramifications of the security flaw may sound threatening, its experts are already doing everything they can to fix the issue. The tech giant revealed any threat is limited and there is no evidence of widespread exploits taking place. The company also believes attackers have not yet taken advantage of the bug to meddle with the U.S. presidential elections.
Tracked as CVE-2020-17087, the bug requires another vulnerability to be exploited. According to Microsoft, an earlier browser-based bug called CVE-2020-15999 needs to be chained with the new vulnerability before a successful exploit can take place. Since the old bug has already been patched, computers with updated browsers should be protected from the new bug.
Microsoft has yet to announce when the patch for the new vulnerability will be launched but there are rumors that the tech giant might package it within the Patch Tuesday update that is scheduled for release on Nov. 10. A Microsoft representative earlier said that developing a security update is a balance between timeliness and quality, providing an explanation for why the Project Zero deadline was missed.
“While we work to meet all researchers’ deadlines for disclosures, including short-term deadlines like in this scenario, developing a security update is a balance between timeliness and quality, and our ultimate goal is to help ensure maximum customer protection with minimal customer disruption,” said Microsoft.
© 2024 Latin Times. All rights reserved. Do not reproduce without permission.