Google has revealed that it has found a Windows zero-day vulnerability that is being used in a number of attacks. Google has reported the issue to Microsoft, but no patch or advisory has been issued as of yet. Thomas Pore, Director of IT and Services at Plixer commented below.
Thomas Pore, Director of IT and Services at Plixer:
“Zero-day vulnerabilities can be extremely valuable, both to those engaging in offensive protection and to those looking for malicious exploitation. While Windows still dominates the end-user operating system experience, news of an unknown privilege escalation vulnerability is serious business as many are now exposed. Google’s disclosure policy defines a reasonable notification strategy with an upper bound at 60 days and for actively exploited zero-day vulnerabilities at 7 days. Active zero-day exploits pose a serious threat to users, PII, and their employer. The scope of this news should be a reminder to network and security engineers that traditional layers of defense will not prevent malicious actors from invading their network and that how quickly one can identify and respond the abnormal traffic patterns can result in a timely and successful response. Additionally, systems administrators need to continually evaluate automated patching procedures since Microsoft has mentioned that successful exploitation of the kernel vulnerability currently requires Adobe Flash Player, which has released a patch.”
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Experts Insight On US Pipeline Shut After Cyberattack
Most Active Commenters
Recent Comments
“Cybersecurity Awareness Month’s new evergreen theme "Secure Our World” is…
“Avoid storing data on personal devices: A crucial but often overlooked…
“I recommend a new nuance to passwords that isn’t often…
“In my role overseeing cloud environments and incident response, I'm…
“Cybersecurity Awareness Month serves as a reminder to confront the…