There has been a security hole in the Windows kernel for 20 years. This was discovered by the Google researcher Tavis Ormandy. The hole can already be exploited by metasploit so it makes good sense to update your Windows fast. The hole enables code execution in Microsoft's .NET framework, Silverlight, Office, Visual Studio, Lync and Internet Explorer, and all versions of Windows are affected. |
The patch will also fix an privilege escalation flaw, classified as important; listed as referring to an issue with Windows Defender for Windows 7 and Windows Defender if it has been installed on Windows Server 2008 R2.
Google has a policy of responsible disclosure, and used to give a 60 days grace period to fix things. This period has now been shortened down to one week.
Microsoft might not be to happy with that, but they were forced to act quickly - and that cannot be wrong from a customer point of view.