Google has revealed that it has found a Windows zero-day vulnerability that is being used in a number of attacks. Google has reported the issue to Microsoft, but no patch or advisory has been issued as of yet. Thomas Pore, Director of IT and Services at Plixer commented below.
Thomas Pore, Director of IT and Services at Plixer:
“Zero-day vulnerabilities can be extremely valuable, both to those engaging in offensive protection and to those looking for malicious exploitation. While Windows still dominates the end-user operating system experience, news of an unknown privilege escalation vulnerability is serious business as many are now exposed. Google’s disclosure policy defines a reasonable notification strategy with an upper bound at 60 days and for actively exploited zero-day vulnerabilities at 7 days. Active zero-day exploits pose a serious threat to users, PII, and their employer. The scope of this news should be a reminder to network and security engineers that traditional layers of defense will not prevent malicious actors from invading their network and that how quickly one can identify and respond the abnormal traffic patterns can result in a timely and successful response. Additionally, systems administrators need to continually evaluate automated patching procedures since Microsoft has mentioned that successful exploitation of the kernel vulnerability currently requires Adobe Flash Player, which has released a patch.”
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Celebrating Data Privacy Day – 28th January 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Most Active Commenters
Recent Comments
Meta’s fine over data privacy breaches underscores the critical challenges…
Hi, Thanks, that is really useful information. I do have…
“This is a very worrying attack that hit T-Mobile and…
“This latest cyberattack against T-Mobile may be smaller than previous…
“Genesis Market is a complex global criminal access marketplace. Buyers…