Microsoft patches critical Windows vulnerability exposed by Google

Scorpus

TechSpot Staff
Staff member

Microsoft wasn't happy last week when Google revealed a critical Windows vulnerability that had yet to be patched. The company claimed that Google's disclosure put customers "at potential risk," and was set to issue a patch come this month's Patch Tuesday.

Well, Patch Tuesday has arrived, and Microsoft has issued an update that addresses the vulnerability. The security bulletin, rated as 'important', addresses multiple elevation of privilege vulnerabilities including the one exposed by Google last week.

The vulnerability in question, which could be triggered via a win32k.sys system call, could allow an attacker to exit Windows 10's sandbox and gain administrator privileges. At the time of disclosure, Google claimed the "particularly serious" vulnerability was being actively exploited and urged users to both update Adobe Flash and Windows 10 as soon as possible.

Google revealed details of the vulnerability to the public seven days after privately notifying Microsoft, as per their policy on actively exploited critical vulnerabilities.

Patch Tuesday also includes a number of critical security patches that affect all versions of Windows, plus several other important patches and updates for both Internet Explorer and Edge.

Permalink to story.

 

Uncle Al

TS Evangelist
Maybe they are showing they can do something that the Nation can't do with it's presidential candidates?!?!?! LOL