Technology

Google exposed Windows 10 security flaw, Microsoft responded

Recently, it has been reported that Google’s Project Zero – a team of security analysts – has exposed a security flaw in Windows 10 as Microsoft failed to fix the issue in the allotted 90-day period. The flaw has been marked as a “high” severity problem by Microsoft, which has also rated it as an important issue rather than a critical one.

In technical terms, the latest security flaw is an “Elevation of Privilege”, which basically allows a normal user to access the administrator functionalities. Let’s say if a file is read-only, through the exploit it can be made modifiable to the unprivileged users on the system.

As per the report, the flaw – labeled ‘1428’ – has been tested on Windows 10 version 1709. The security analyst who found this bug has attached a C++ code for evidence that creates a text file in the Windows folder, overwriting the security descriptor in such a way that grants access to everyone.

The security researcher states: “Some additional notes about this issue. Firstly based on the fix for issue 1427 this only affects Windows 10, it does not affect any earlier versions of Windows such as 7 or 8.1. However, I’ve not verified that to be the case but there’s no reason to believe it’s incorrect. MS consider this to be an ‘Important’ issue, but crucially not a ‘Critical’ issue. This is because this issue is an Elevation of Privilege which allows a normal user to gain administrator privileges. However, in order to execute the exploit you’d have to already be running code on the system at a normal user privilege level. It cannot be attacked remotely (without attacking a totally separate unfixed issue to get remote code execution), and also cannot be used from a sandbox such as those used by Edge and Chrome. The marking of this issue as High severity reflects the ease of exploitation for the type of issue, it’s easy to exploit, but it doesn’t take into account the prerequisites to exploiting the issue in the first place.”

Microsoft released a fix on Patch Tuesday, but that only patched the previous ‘1427’ flaw which was also exposed by Project Zero upon Microsoft failing to fix it in the required time period as well. However, this new security flaw has yet to be fixed.

Neowin asked Microsoft in regard to the time period in which the issue would be resolved. To which the tech giant responded, “Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible.”

We would let you know when it gets patched.
For more on the technology, keep following TechJuice.

Sponsored
Talha Saqib

Well, I am Talha. An introverted fellow pursuing a degree in Computer Science from FAST-NUCES. In past, I've been a freelance graphic designer which I still am to some extent. My deep interest in technology and reporting has made me do what I do here - cover tech news. I may look like a nerd but I am more about movies, TV shows, anime, art and especially video games. In any case, you can reach me out on Twitter: TalhaSaqib101 and Facebook: talha.saqib.9

Share
Published by
Talha Saqib

Recent Posts

Garena Free Fire India Launch Rumors: What Fans Need to Know

Reports suggest that Garena Free Fire is set to make a much-anticipated return to India.…

16 hours ago

Albania Bans TikTok for One Year: Here’s the Reason!

The Albanian government has announced a ban on the social media platform TikTok for a…

20 hours ago

Google Pixel 9 Pro vs. 8 Pro: Biggest Upgrades Compared

The launch of Google’s latest Pixel lineup brings an exciting chance to compare the new…

22 hours ago

Azad Kashmir to Host Pakistan’s First Women-Centric Software Technology Park

ISLAMABAD: In February next year, Pakistan is set to launch its first women-focused software technology…

23 hours ago

HEC Reveals Law Admission Test Date for LLB Students

The Law Admission Test (LAT) has been announced by the Higher Education Commission (HEC) of…

23 hours ago

Meta’s WhatsApp to Release New Playback Speed Feature for Videos

Meta's WhatsApp is rolling out a new playback speed feature, allowing users to adjust video…

1 day ago