Google Project Zero has released a new Windows zero-day

Οι χρήστες των Windows φαίνεται να είναι και πάλι εκτεθειμένοι σε επιθέσεις, καθώς ένας προγραμματιστής του Google Project disclosed an unpatched security vulnerability in Microsoft's operating system.

Her member ς Mateusz Jurczyk discovered one in gdi32.dll that allows attackers to compromise Windows systems, and according to his blog, the flaw was first reported to Microsoft in March 2016.Google Project Zero

Microsoft acknowledged the vulnerability and attempted to patch it with MS16-074 που κυκλοφόρησε τον Ιούνιο του 2016 αλλά όπως αναφέρει ο Jurczyk , η managed to fix only part of the problem.

Jurczyk notified Microsoft once again at 16 2016 in November, but the company did not release a new patch. So, according to the Google Project Zero vulnerability disclosure policy, the researcher disclosed the security gap after 90 days.

This may sound like a lot, but it seems to be the best way to exercise to every company to be more interested in the security of the end user.

Microsoft has not yet commented on this new disclosure. Let's say the next scheduled update will take place on March 14, and that Patch Tuesday of this month will not be released. This means that Windows users will remain vulnerable to attacks, at least until next month.

Also, if a malicious user wants to use this vulnerability, he or she must create a special EMF file. It goes without saying that you should watch out for any files that come from unknown sources.

This is not the first time Google has published unpatched security vulnerabilities. The last time was in November 2016, which of course was not to the liking of Microsoft, which criticized Google for the revelation, saying that it puts all Windows users "at increased risk."

Read more about zero-day

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).