
Google discloses ‘high-severity’ exploit in Windows 10 before it’s patched

Google reveals unpatched security vulnerability in Microsoft’s Edge browser

Google’s Project Zero team of security researchers disclosed a “high-severity” vulnerability it found in Microsoft’s Edge browser after the company failed to patch it within the allotted time of 90 days. The vulnerability can allow an attacker to gain administrator privileges if exploited.

For those unfamiliar, Project Zero is a team of security analysts employed by Google to find zero-day vulnerabilities before they are found and exploited by malicious people. On finding and disclosing the vulnerability to the relevant company, Google gives them 90 days to fix the issue. However, if the company fails to issue a patch within the specified time period, the Project Zero team discloses the vulnerability to the public so that users can protect themselves by taking necessary steps.

This most recent vulnerability was identified by James Forshaw, a Google Project Zero researcher, who disclosed it to Microsoft on November 10 as part of a separate security issue with Windows 10. Apparently, there are actually two bugs in this vulnerability, named 1427 and 1428. Microsoft addressed bug 1427 in its February Patch Tuesday release earlier this month, as it found it to be more critical. However, it chose to leave the other bug, 1428, untouched, as it says it’s not a critical vulnerability.

According to Project Zero’s technical report, the vulnerability has been tested on Windows 10 Fall Creators Update (version 1709). In this case, the Windows 10 vulnerability is in the SvcMoveFileInheritSecurity remote procedure call (RPC). Forshaw also attached proof-of-concept code in C++ that creates an arbitrary file in the Windows folder and exploits the SvcMoveFileInheritSecurity RPC to overwrite the security descriptor to get control of a system.

Currently, the issue has been listed as “high-severity” by Google because of its ease of exploitation. However, since the latest elevation of privilege flaw in Windows 10 cannot be exploited remotely or in browsers that run in a sandbox, Microsoft has categorized it as “important” rather than “critical.” Forshaw points out that the flaw only affects Windows 10 and he hasn’t verified whether it works on earlier versions, like Windows 7 or 8.1.

When Neowin contacted Microsoft for clarification regarding the security flaw, they responded by saying, “Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible.”

Only last week, Google’s Project Zero had revealed to the public a bypass of a Windows 10 exploit mitigation, Arbitrary Code Guard (ACG), that Microsoft couldn’t fix in time. Microsoft had confirmed the ACG bypass and said it would fix the issue in February’s Patch Tuesday release. However, it was forced to skip the February Patch Tuesday release, as the issue was found to be “more complex” than initially thought. The Redmond giant is now aiming to release the fix on Patch Tuesday in March.

Source: Neowin

Kavita Iyer
