Windows security issues, Google detects a dangerous flaw

Who I am
Manuel Moreno Molina
@manuelmorenomolina
Author and references

Let's put it like this: Microsoft didn't really appreciate it. On the contrary. The fact is that the omelette is now done. On October 31st, through a post on his blog dedicated to security, Google revealed the existence of a dangerous flaw in Windows, which would put users' personal data at risk.

So far nothing exceptional, except that Big G disclosed the vulnerability just 10 days after reporting the issue to Microsoft engineers: a too short period of time to allow the Redmond house to develop a security patch and distribute it among users via system update. Hence the angry reaction of the Redmond-based company, which reassured users about the upcoming release of an ad hoc update by November 9th. However, Microsoft says, users who use Windows 10 and Microsoft Edge (Chrome's rival browser) are already safe and they don't have to fear for their data.



In a public statement released through its official channels, Bill Gates' company censors the behavior of the "rival". The "race forward" of Google, in fact, would only expose users to potential risks, without providing real help to the positive solution of the problem.

Windows security flaw, problem in system files

In its post, Google identifies the problem in the win32k.sys system file which, if attacked via specific calls, would grant hackers full access to the computer system of Windows users. A big deal, in short, for cybersecurity experts and Microsoft developers, who weren't able to fix the 0-day vulnerability before it became public. Even because both Google and Adobe (other software house involved in the case) have already released security patches that isolate the problem and make it, in fact, ineffective.



Of course, in its post Google did not go into the details of the bug, so as not to give other hackers the opportunity to take advantage of it, but according to many experts the 10 days of "notice" are few compared to the real extent of the problem. In short, even if Google usually reveals bugs and flaws in the software of other manufacturers seven days after discovering them, in this case it seems to have been too scrupulous.


Do it already exploited by Russian hackers

Following the Google revelation, however, it became known that the bug was already used some time ago by a group of Russian hackers known as Strontium and Fancy Bear. These are two groups linked to the Russian security services, known in the past for their hacking activities for political purposes. It cannot be excluded, therefore, that the flaw was exploited to illegally enter the computers and computer systems of politicians around the world - Americans in particular - and steal confidential information (see the case involving Hillary Clinton).


Windows security issues, Google detects a dangerous flaw


Audio Video Windows security issues, Google detects a dangerous flaw
add a comment of Windows security issues, Google detects a dangerous flaw
Comment sent successfully! We will review it in the next few hours.