Google’s Project Zero outs another yet to be patched Windows 10 security flaw

Minimalist · Feb 21, 2018

Google’s Project Zero computer and security researchers have just disclosed another Windows 10 security issue that has yet to be patched by Microsoft. With this latest saga, the search engine giant revealed an Elevation of Privilege flaw in Windows 10 which allows a normal user to gain administrator privileges (via The Verge.)

The full security flaw can be found here and was originally brought to Microsoft’s attention in November as part of a separate security issue with Windows 10. Microsoft addressed one of the issues, but labeled the elevation of Privilege flaw as “important” and not “critical,” claiming the flaw can only be exploited with a “specially crafted application.” Google, in turn, publicly and separately disclosed the Elevation of Privilege flaw today since Microsoft failed to patch it within Google’s 90-day period. The flaw only affects Windows 10, and you can read more on it below.
Click to expand...

https://www.onmsft.com/news/googles...er-yet-to-be-patched-windows-10-security-flaw

itman · Feb 21, 2018

According to this: https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-10-vulnerability-but-doesnt/ , MS only patched one of the vulnerabilities. So much for Win 10 1709 being the most secure OS version to date.

Minimalist · Feb 21, 2018

itman said: ↑

So much for Win 10 1709 being the most secure OS version to date.
Click to expand...

Yes, that's always a debatable claim. On one side they implement new mitigations and security improvements, on another they add new features, services and software and by this widen their attack surface.
Luckily this is not remotely exploitable but it allows a program already running to elevate it's privileges. It's not worst bug, but could still become big problem.

Log in or Sign up

Google’s Project Zero outs another yet to be patched Windows 10 security flaw

Minimalist Registered Member

itman Registered Member

Minimalist Registered Member

Log in or Sign up

Google’s Project Zero outs another yet to be patched Windows 10 security flaw

Minimalist Registered Member

itman Registered Member

Minimalist Registered Member

Useful Searches