Windows users appear to be exposed to attacks once again, as a Google Project Zero developer disclosed an unpatched security vulnerability in Microsoft's operating system.
Google Project Zero team member Mateusz Jurczyk discovered a vulnerability in gdi32.dll that allows attackers to compromise Windows systems, and according to his blog, the flaw was first reported to Microsoft in March 2016.
Microsoft acknowledged the vulnerability and attempted to patch it with bulletin MS16-074, released in June 2016, but as Jurczyk reports, the company managed to fix only part of the problem.
Jurczyk notified Microsoft once again on November 16, 2016, but the company did not release a new patch. So, in accordance with the Google Project Zero vulnerability disclosure policy, the researcher disclosed the security gap after 90 days.
This may sound like a lot, but it seems to be the best way to put pressure on every company to take more interest in the security of the end user.
Microsoft has not yet commented on this new disclosure. Note that the next scheduled update will take place on March 14, and that this month's Patch Tuesday will not be released. This means that Windows users will remain vulnerable to attacks, at least until next month.
Also, a malicious user who wants to use this vulnerability must create a specially crafted EMF file. It goes without saying that you should watch out for any files that come from unknown sources.
This is not the first time Google has published unpatched security vulnerabilities. The last time was in November 2016, which of course was not to Microsoft's liking: the company criticized Google for the revelation, saying that it puts all Windows users "at increased risk."