Google reveals serious Win 10 vulnerability

Moderators: b1o, jkerr82508

User avatar
viking60
Über-Berserk
Posts: 9284
Joined: 14 Mar 2010, 16:34

Google reveals serious Win 10 vulnerability

Postby viking60 » 01 Nov 2016, 11:46

Image
Google has found a weakness in Windows 10 and has informed Microsoft about it.

Google gives everybody a 10 day window to fix vulnerabilities before they go public and this is to fast for Microsoft that have not even addressed the issue publicly yet. :C

This struggle between Microsoft and Google is not new and does create some hostility.

From the outside it is hard to see that Google pointing out weaknesses in Microsoft OS with a 10 day fix window, is unfair.

There are options like making Windows 10 without errors or discovering those before Google does it.... :confused

The Windows vulnerability is a local privilege escalation in the Windows kernel that can be used as a security sandbox escape. It can be triggered via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD. Chrome's sandbox blocks win32k.sys system calls using the Win32k lockdown mitigation on Windows 10, which prevents exploitation of this sandbox escape vulnerability.


More here
Manjaro 64bit on the main box -Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz and nVidia Corporation GT200b [GeForce GTX 275] (rev a1. + Centos on the server - Arch on the laptop.
"There are no stupid questions - Only stupid answers!"

User avatar
R_Head
Berserk
Posts: 2585
Joined: 17 Mar 2010, 15:40

Re: Google reveals serious Win 10 vulnerability

Postby R_Head » 01 Nov 2016, 13:11

MS does not have the Linux community model; therefore, reacting to some like that it will take a long time.

In a secomd thought... if the vulnerability is fixed, most IT Security personnel will be out of the job. Is that what John MacAffee was selling? Fear to the masses and here how I can protect you! +1


Return to “Win News”