EDITOR’S NOTE: To our clients as well as the general public: CyberLoft Computer Services implements additional security to ensure that CyberLoft, and its clients, remain protected from the type of Windows vulnerability mentioned in this article. If you are not yet a client, contact CyberLoft at (404) 919-7555 to be sure you are protected.
UPDATE 11/1: Microsoft Executive Vice President Terry Myerson on Tuesday afternoon offered more details about how malware can exploit the Windows vulnerability, which it calls “Strontium.”
In order for a computer to be affected, malware must first exploit Adobe’s Flash to gain control of a Web browser, then elevate privileges in order to escape the browser’s sandbox, and finally install a backdoor to provide access to the victim’s computer.
Myerson wrote in a blog post that the Windows Defender antivirus tool is able to detect this activity. He also said Microsoft Edge prevents the post-exploitation step of installing a backdoor. It therefore appears that Windows 10 users browsing the Web with Edge are protected. For everyone else, “patches for all versions of Windows are now being tested by many industry participants, and we plan to release them publicly on the next Update Tuesday, Nov 8,” Myerson wrote.
ORIGINAL STORY: A serious security vulnerability in Windows code is currently being exploited, Google researchers said on Monday.
Google discovered the flaw, which also affects Adobe’s Flash media player, on Oct. 21. Adobe issued a fix a few days later, but Microsoft still has not issued its own, according to a Google blog post. Google said its policy is to publish actively exploited critical vulnerabilities seven days after it reports them to the software’s creator.
The flaw, which exists in the Windows kernel, can be used as a “security sandbox escape,” according to Google. Most software contains sandboxes in order to stop malicious or malfunctioning programs from damaging or snooping on the rest of the computer.
It’s unclear how extensively the Windows vulnerability has been exploited. Google said only that it is being “actively exploited.” In a statement, Microsoft acknowledged the security flaw and criticised Google for disclosing it before a fix was ready.
“We believe in coordinated vulnerability disclosure, and today’s disclosure by Google puts customers at potential risk,” a Microsoft spokesperson told VentureBeat. “Windows is the only platform with a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible.”
The company added that it recommends Windows owners use the Microsoft Edge browser, though it did not say whether Edge can prevent the vulnerability from being exploited. Google, meanwhile, said its Chrome browser prevents the exploit.
Citing a source close to Microsoft, VentureBeat reported that the vulnerability requires Flash in order to be exploited. Since Adobe has already issued a fix for Flash, users with the latest Flash updates may be protected even without a Microsoft fix.
Source: PC Magazine