Google leaves Microsoft red faced by revealing a potent security flaw found right in its popular Windows operating system. Google has published a report which gives insight and remarkable details into the security flaw which has yet to be fixed by the Microsoft. It should be noted that Google has already given a deadline of seven days to Microsoft for fixing up the flaw but Microsoft simply failed to play by the rules. Google has stated that it was necessary to reveal the flaw to public as it was being actively abused. Microsoft reiterated by stating that alert which only ends up in causing more harm because it will still need more time come with a suitable security patch.
The flaw revealed by Google
Google has revealed a major flaw in the file named Win32k.sys which is utilized by the Microsoft’s Windows operating system to display graphics. Any kind of alteration or moderation to this file can create havoc for the users which leaves the display system is jeopardy. Deleting or altering this file results in system errors with the notorious blue screen of death. This has been known by all the major security experts and operating system users as well as technicians but the flaw revealed by Google brings showcase a vulnerability which can utilized by the hackers for their own personal gains.
Google has quite frankly laid down the roadmap for any hacker to exploit this vulnerability through using a ‘security sandbox escape. This simply means that if a hackers gets acess of any Windows operating system the he will get the ability to alter other computer function sin order to cause more problems for the end users.
Why Google chose to reveal the vulnerability?
Google has a policy which has been active since 2013 and it states that Google will offer 60 days to the developers to fix up the flaw identified by it, only in the case if no one making active use of the flaw. But if it’s found that the vulnerability is being utilized by hackers or other then Google will offer just 7 days before making the flaw public.
Similarly Google has given seven days to the Microsoft to come up with a fix for this vulnerability but they failed to do so. Microsoft has stated in its defense that it isn’t feasible to come with right solution and fixing parameter with an imposing aggressive timeline. It has also been stated by Google that users can safeguard themselves from this flaw through limiting the exposure by the using the Chrome which is not effectively exposed to the vulnerability.
Tech community is divided in this debacle
Cyber security experts are left scratching their whether the decision taken by Google is right or wrong given the fact that revealing the flaw will still require a security patch from Microsoft and Microsoft requires time to develop it. A security expert has stated that bringing flaw public without knowing who are the attackers and targets can aggravate the situation further.
No comments:
Post a Comment
Note: only a member of this blog may post a comment.