Google uncovers and publishes a unpatched Windows vulnerability


A Google security researcher has discovered an error that gives extra rights to their simple accounts Windows. After 90 days waiting and no response from Microsoft, the researcher disclosed the vulnerability.Windows Security

Let's look at things from the beginning, Google's researcher named Forshaw discovered and revealed a Window wizard's escalation error.

He contacted both Microsoft and Google by telling companies about vulnerability. Forshaw in his briefing also included a POC demonstration. He says he has only tested on a system with updated Window 8.1 and that it is unclear whether earlier versions such as Window 7 are vulnerable.

The vulnerability was detected in AhcVerifyAdminContext. It's an internal function, not a public API, for searches at microsoft.com.

Vulnerability proof (PoC) includes two program files and a series of instructions to run it. The result is that the Windows calculator runs with administrator privileges. Forshaw said the error is not from the UAC, but that the UAC is used in part to prove the error.

Forshaw released its revelation privately on September 30th. At the end of the post, he stated: “This error is subject to a 90-day reporting period. If 90 days pass without a code update being widely available, then the bug report will automatically be visible to the public. ”

Registration in iGuRu.gr via Email

Enter your email to subscribe to the email notification service for new posts.


Read them Technology News from all over the world, with the validity of iGuRu.gr

Follow us on Google News iGuRu.gr at Google news