Last week Google revealed to the world that there was a severe vulnerability in Windows.
To make matters worse for Windows users, that vulnerability was still being actively exploited. Thankfully, Microsoft has released a patch that deals with the vulnerability.
“The most severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system,” said Microsoft.
While Microsoft did point out that anybody who had applied the Windows 10 Anniversary Update and was using an up-to-date browser was not at risk, anybody running any other Windows operating system including Windows Vista should update their system immediately. If you aren’t sure if your system needs patching check out the rather extensive list Microsoft has on its website.
The vulnerability allowed hacking group Strontium to execute a targeted phishing campaign according to Engadget.
Google drew fire from Microsoft last week when it released news of the vulnerability before Microsoft had a chance to patch it. While Google said it was simply applying its policy of revealing security vulnerabilities within seven days of reporting them, Microsoft said that Google’s actions put users at risk.
Let’s hope that this incident sees Microsoft and Google have a sit down and discuss the best practice for announcing security vulnerabilities to the world.[Via – Engadget]