Technology

Google exposed Windows 10 security flaw, Microsoft responded

Recently, it has been reported that Google’s Project Zero – a team of security analysts – has exposed a security flaw in Windows 10 as Microsoft failed to fix the issue in the allotted 90-day period. The flaw has been marked as a “high” severity problem by Microsoft, which has also rated it as an important issue rather than a critical one.

In technical terms, the latest security flaw is an “Elevation of Privilege”, which basically allows a normal user to access the administrator functionalities. Let’s say if a file is read-only, through the exploit it can be made modifiable to the unprivileged users on the system.

As per the report, the flaw – labeled ‘1428’ – has been tested on Windows 10 version 1709. The security analyst who found this bug has attached a C++ code for evidence that creates a text file in the Windows folder, overwriting the security descriptor in such a way that grants access to everyone.

The security researcher states: “Some additional notes about this issue. Firstly based on the fix for issue 1427 this only affects Windows 10, it does not affect any earlier versions of Windows such as 7 or 8.1. However, I’ve not verified that to be the case but there’s no reason to believe it’s incorrect. MS consider this to be an ‘Important’ issue, but crucially not a ‘Critical’ issue. This is because this issue is an Elevation of Privilege which allows a normal user to gain administrator privileges. However, in order to execute the exploit you’d have to already be running code on the system at a normal user privilege level. It cannot be attacked remotely (without attacking a totally separate unfixed issue to get remote code execution), and also cannot be used from a sandbox such as those used by Edge and Chrome. The marking of this issue as High severity reflects the ease of exploitation for the type of issue, it’s easy to exploit, but it doesn’t take into account the prerequisites to exploiting the issue in the first place.”

Microsoft released a fix on Patch Tuesday, but that only patched the previous ‘1427’ flaw which was also exposed by Project Zero upon Microsoft failing to fix it in the required time period as well. However, this new security flaw has yet to be fixed.

Neowin asked Microsoft in regard to the time period in which the issue would be resolved. To which the tech giant responded, “Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible.”

We would let you know when it gets patched.
For more on the technology, keep following TechJuice.

Sponsored
Talha Saqib

Well, I am Talha. An introverted fellow pursuing a degree in Computer Science from FAST-NUCES. In past, I've been a freelance graphic designer which I still am to some extent. My deep interest in technology and reporting has made me do what I do here - cover tech news. I may look like a nerd but I am more about movies, TV shows, anime, art and especially video games. In any case, you can reach me out on Twitter: TalhaSaqib101 and Facebook: talha.saqib.9

Leave a Comment
Share
Published by
Talha Saqib

Recent Posts

Microsoft Launches AI-Powered “Support Virtual Agent” for Xbox Users

Microsoft has launched its AI-powered “Support Virtual Agent” chatbot for Xbox Insiders in the U.S.,…

56 mins ago

Musk Says Tesla Won’t Enter Smartphone Market Unless Necessary

Android Authority recently polled its users to find out if they would purchase a Tesla…

1 hour ago

Sukkur IBA Sets Seven Conditions for Conducting MDCAT

The Secretary of the Sukkur IBA Testing Agency has formally requested urgent action from the…

1 hour ago

PSEB Opens Bidding for Nationwide e-Rozgar Centers

The Pakistan Software Export Board (PSEB) has launched a nationwide program to encourage IT startups…

2 hours ago

Google Play Services Bug Disrupts Access to Apps for Pixel Users: Here’s How to Fix It

A significant issue with Google Play Services has left many Pixel users unable to access…

2 hours ago

WhatsApp Beta Partners with Google for Innovative Image Search Feature

When it comes to Android messaging apps, WhatsApp stands out as one of the best.…

3 hours ago