1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Google drops more Windows 0-days. Something’s gotta give->Winfows 7 ?

Discussion in 'Windows - General discussion' started by ireland, Jan 16, 2015.

  1. ireland

    ireland Active member

    Joined:
    Nov 28, 2002
    Messages:
    3,720
    Likes Received:
    13
    Trophy Points:
    68
    Google drops more Windows 0-days. Something’s gotta give->Winfows 7 ?

    Google's security researchers have published another pair of Windows security flaws that Microsoft hasn't got a fix for, continuing the disagreement between the companies about when and how to disclose security bugs.


    The first bug affects Windows 7 only and results in minor information disclosure. Microsoft says, and Google agrees, that this does not meet the threshold for a fix. Windows 8 and up don't suffer the same issue.


    The second bug is more significant. In certain situations, Windows doesn't properly check the user identity when performing cryptographic operations, which results in certain shared data not being properly encrypted. Microsoft has developed a fix for this bug, and it was originally scheduled for release this past Tuesday. However, the company discovered a compatibility issue late in testing, and so the fix has been pushed to February.


    Had the fix worked correctly, Microsoft would have released a patch prior to disclosure. But thanks to the compatibility issue, Google's 90-day deadline was reached yesterday, prompting the advertising company to publish the bug.



    Last time this happened, Microsoft
    wrote a blog post criticizing Google's decision. This time around, the company's response is more reserved. It issued a statement saying:

    READ MORE HERE
    http://arstechnica.com/information-...rstechnica/index+(Ars+Technica+-+All+content)

     
  2. ireland

    ireland Active member

    Joined:
    Nov 28, 2002
    Messages:
    3,720
    Likes Received:
    13
    Trophy Points:
    68
    Google has released details of another Windows exploit before it is patched

    A few weeks ago, a Google security researcher released the details of a vulnerability in Windows and refused to wait a couple moredays until 'Patch Tuesday' to release the information pertaining to the exploit. In that case, Microsoft had a patch ready to be released a couple days after the 90-day waiting period elapsed but in this latest release, that is not the case.

    The latest vulnerability to be detailed by Google is titled an "Impersonation Check Bypass With CryptProtectMemory and CRYPTPROTECTMEMORY_SAME_LOGON flag"; this vulnerability is said to impact Windows 7, 8.1 Update and both the 32/64bit flavors. The exploit allows an attacker to impersonate another ID at the identification level and decrypt or encrypt data during that login session.

    As with the other exploit that was released by Google, you can download a file to execute the flaw.

    READ MORE HERE

    http://www.neowin.net/news/google-h...-another-windows-exploit-before-it-is-patched
     

Share This Page