Google publicly disclosed the existence of a “particularly serious” security flaw in Windows 10, which allows attackers to access personal information and is “being actively exploited”, and Microsoft criticized the Internet giant for not leaving it time to repair the flaw.
On its blog dedicated to computer security, Google published a post describing this security hole in the latest version of Windows, which has yet to be repaired, just a week after reporting it to Microsoft, the company responsible for the operating system.
The search engine company considered the issue “particularly serious because we know that it is being actively exploited.”
Microsoft, however, said it needs more time to develop a patch, and objected that the publication of this post could have contributed to further damage.
“We believe in the discovery of coordinated vulnerabilities, and Google's discovery today put customers at potential risk,” a Microsoft spokesman told the site VentureBeat last night.
“Windows is the only platform with a commitment towards the customer to investigate the security issues reported and proactively update the affected devices as soon as possible”, he added.
The vulnerability in question involves a file called Win32k.sys, which the operating system requires to display graphics; accordingly, the file should not be deleted or altered, because doing so may cause a system failure resulting in the so-called “blue screen of death”, the screen displayed whenever Windows cannot recover from a system error and crashes.
According to Google, “the vulnerability of Windows is an escalation of privilege local to the Windows kernel, which can be used to escape from the security defined by the system”; that is to say, once the system has been compromised, it can allow a third party access to the computer.
Google has had a policy in place since 2013 to detect security holes in systems, giving developers a period of 60 days to fix them, provided it does not suspect that the flaws are being exploited; if it believes they are being exploited, it instead gives them seven days to repair them.
Many businesses find that a week is not enough time to develop a security patch, and Google admits that the period is short, but it chooses to warn of the dangers.
“Seven days is an aggressive time limit and can be very short for some companies to update their products, but it should be enough time to publish advice about possible mitigations, such as temporarily disabling a service, restricting access, or contacting the seller for more information”, the company pointed out on its blog.
This is not the first time that the search engine company has made Windows vulnerabilities public: it did so in 2015, with version 8.1 of the operating system, 90 days after reporting the problem to Microsoft, as the British newspaper The Guardian recalled.