Hackers are exploiting a bug in Microsoft Windows that was originally disclosed by a Google researcher two months ago.
Microsoft issued the warning in its latest security advisory, saying that without the patch fix hackers could theoretically use the flaw to increase their privileges, thus wrestling control of the device from the end user.
The flaw was originally discovered and posted publicly online by Google security engineer Tavis Ormandy on the full disclosure blog in May. Ormandy said the bug relates to a “silly” piece of code from Microsoft, used in Windows 7 and Windows 8.
It was unclear whether the flaw had been actively exploited by criminals prior to Ormandy’s post, though Microsoft’s has since confirmed detecting numerous targeted attacks aimed at it. The details of the attacks and the potential damage caused remain unknown and at the time of publishing Microsoft had not responded to V3‘s request for comment.
The post has since caused a heated debate about the nature of full disclosure within the security community. Experts that practice a full disclosure policy believe posting any security flaws they discover online to the public helps improve the world’s security, forcing the parties involved to fix the flaws sooner rather than later. Others believe the practice is irresponsible as it alerts cyber criminals and black hats about the flaw before the company has had time to react.
SOURCE: v3.co.uk
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Celebrating Data Privacy Day – 28th January 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Most Active Commenters
Recent Comments
Meta’s fine over data privacy breaches underscores the critical challenges…
Hi, Thanks, that is really useful information. I do have…
“This is a very worrying attack that hit T-Mobile and…
“This latest cyberattack against T-Mobile may be smaller than previous…
“Genesis Market is a complex global criminal access marketplace. Buyers…