Last week Microsoft published an official statement in response to Google detailing the critical vulnerability in their Windows operating system. In the same, Redmond promised that it would release a patch for this zero-day exploit with its November 8 security update. Today, it has delivered and issued a patch for the criticial Windows flaw.
This critical vulnerability(which Microsoft believes wasn’t critical) was a local privelege escalation which enabled intruders to bypass the security sandbox in the Windows 32K system. Using the same, anybody could gain admin access to your computer using a malicious app. This flaw in the OS was disclosed by Google in the beginning of this month, just ten days after they reported it to Redmond and before a fix for the same has been released.
But, the update released by Microsoft corrects the vulnerability by correcting how the affected low-level kernel driver handles objects in memory. It has been released for numerous version of Windows ranging from Vista to Windows 10 — though it was already pretty safe. Microsoft had previously also mentioned that Windows users were safe from any exploits if they were running the Anniversary Update coupled with an up-to-date browser (i.e Edge or Chrome with the latest Flash extension.)
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system,
reads the security update release statement.
For users who still prefer using an older version of Windows, you should update your system the moment you receive the update. I’m pressuring you into the same because Microsoft(and Google) has revealed that this expoilt was most likely being exploited by a Russian hacker group called Strontium. They carried out a low-volume spearphishing e-mail attack, designed to attack a particular target or organization.
Due to Google making the info about the vulnerability public without consulting, Microsoft was pretty upset with their decision. They even rebuked the tech giant for putting millions of users’ Windows PCs in danger of exploitation. The release of this security update patch, however, finally clears the bad blood between the two tech behemoths. The Redmond giant has even acknowledged the contribution of the two Google researchers who spotted this exploit.