Hackers May Have Already Exploited Microsoft's Flaws Under Their Noses

By Richard Chiu | Nov 04, 2016 07:09 AM EDT

TEXT SIZE    

Computer experts believe that hackers are feasting on a recent Windows 10 operating system flaw from Microsoft that if compromised could cause installed programs and some functions to crash.

In a report on CCN, Microsoft confirmed a group of hackers tied to the Russian intelligence network has attacked several Windows users, but failed to disclose further details regarding the infiltration or the identities of the users who were affected by it.

The file known as the 'zero day' bug permits hackers to get away from a 'security sandbox' in Windows and make it possible for them to execute codes that would compromise a computer. Google points out that this is a critical vulnerability and would allow attackers to take control of a target's computer.

Another potential issue that this would cause is that it could affect some systems running on a program to experience the ominous 'blue screen of death' (BSOD) that could eventually lead to a system crash. This problem could also be a gateway for attackers to cause trouble for their targets.

Google claims this is serious after Windows failed to provide any update or advisory on a fix to address the issue after it was first reported. Google claims it stands by a policy to publish an update regarding the critical exploitation of critical issues after seven days.

This caught the ire of Microsoft after Google published a security blog to users regarding the bug contained in a Win32K.sys file without the giving Microsoft developers the chance to announce they are creating a fix or make the statement public in their own terms. They claim that the Google announcement could put more customers at risk.

Microsoft issued a statement saying that they are already looking into the concern but has not provided a timeframe when a patch would be available to fix the issue.  The company also did not hide its disdain for Google bringing this out into the open.

"We believe in coordinated vulnerability disclosure, and today's disclosure by Google puts customers at potential risk," a spokesperson from Microsoft said in an interview.  There are still no reports of other hackers exploiting the Microsoft bug and the sooner a patch is deployed to fix the issue; the more users could rest easy about their systems getting compromised. 

pre post  |  next post
More Sections