بسم الله الرحمن الرحيم
السلام عليكم ورحمه الله وبركاته
Microsoft once again face the embarrassment for not correcting weaknesses in time.
Yes, I have again the project team zero Google publicly disclosed vulnerability (with POC exploit) affecting Microsoft Windows operating systems ranging from Windows Vista Service Pack 2 for the latest Windows 10 that have not been corrected.
A few months ago, search engine giant Windows critical weaknesses to the public only ten days after the disclosure of a bug to Microsoft revealed.
However, this time Google revealed the weakness in the Windows operating system to the public after that Microsoft has failed to correct it within the framework of 90 days provided by the company.
The zero project by Mateusz Jurczyk Google responsible security vulnerability in a library (GDI) and the graphics device interface for Windows' Microsoft Security team on June 9 last year.
The weakness affects any program that uses the library, and if exploited, could allow hackers to steal information from memory.
While Microsoft has released a patch for the weakness in the June 15, the company does not fix all the issues in the GDI library, forcing the project to zero researcher reported back to Microsoft with proof-of-concept on 16 November.
"As a result, it is possible to reveal bytes uninitialized or outside the boundaries of the pile through the color pixels, in Internet Explorer and other customers GDI that allows the extraction of the displayed image data to the attacker," Jurczyk notes in a new report.
Now, after giving a grace period of three months for the company, Google released the details of exposure of the public, including hackers and malicious actors.
Project Zero Google team routinely find security holes in various programs, and calls for software vendors affected publicly to detect bugs correction within 90 days of discovery. If not, the company automatically makes bugs along with the audience details.
Although Windows users need not panic, hackers will require physical access to the host machine to exploit the weakness, the Redmond giant is to launch emergency patch released before it is developed sophisticated exploits.
Microsoft recently delayed this month's Patch Tuesday for a month because of "the issue at the last minute that could be some customers and not resolved in a timely manner affect for the planned updates [Microsoft]," in the February 14.
Therefore, if there is not expected emergency patch this month, will be leaving this gap was unveiled recently open to hackers for almost a month to exploit - just as we saw last time when Russian hackers actively exploiting the then unpatched Windows kernel error in the wild - which means that the users Windows in the potential risks.
I ask God to have benefited
And I hope that I have I could deliver information to you
Do not forget to leave your comment if you get stuck
Also do not forget the wonders because these small pressure equal to a great encouragement for me
I hope to post Thread friends also benefit
Do not forget Likes page
To receive the all-new
I ask God to have benefited
And I hope that I have I could deliver information to you
Do not forget to leave your comment if you get stuck
Also do not forget the wonders because these small pressure equal to a great encouragement for me
I hope to post Thread friends also benefit
Do not forget Likes page
To receive the all-new
And I hope that I have I could deliver information to you
Do not forget to leave your comment if you get stuck
Also do not forget the wonders because these small pressure equal to a great encouragement for me
I hope to post Thread friends also benefit
Do not forget Likes page
To receive the all-new
0 التعليقات:
إرسال تعليق