Google has disclosed a critical flaw in Microsoft’s Windows 10 operating system that would allows attackers to escape the security sandbox. This would potentially allow hackers to gain control of a system; which Google is saying is already happening. Of course, Microsoft is not happy that the company decided to make the vulnerability public before it can issue a patch.
Most vulnerabilities are only made public after the developers are able to fix the problem, which prevents hackers from exploiting something they didn’t know about in the first place. Google had earlier informed Microsoft about the problem on 21 October, but only gave the company 10 days to issue a patch before going public.
Microsoft is saying that the amount of time is not enough to build and test a patch; and that Google’s actions are putting millions of users at risk. Naturally, Google does not see it that way.
The exploit uses a vulnerability in Flash to exit the security sandbox, and that has at least been patched. In other words, the vulnerability is partially fixed; but it is likely that there are hackers out there looking for other ways to use it to their advantage.
[Source: Google, VentureBeat]
