Home > News content

Microsoft 10 days have not been fixed after Google open Windows 10 high-risk vulnerabilities

via:博客园     time:2016/11/1 10:00:31     readed:1277

In the case of Microsoft has not yet been repaired, Google's security agencies Threat Analysis Group (Threat Analysis Group) disclosed the details of the disclosure of Windows 10 vulnerabilities, resulting in millions of users may have been hacker security risks. In fact, this is not the first time Google did not repair the first published practice, two years ago, the company has publicly unveiled the Windows 8.1 security vulnerabilities have not been fixed, and before the release of Microsoft to fix the vulnerability time is only 7 days.

http://static.cnbetacdn.com/article/2016/1101/515393df2d02181.pnghttp://static.cnbetacdn.com/article/2016/1101/515393df2d02181.png

According to reports related to the Google found the Windows 10 security vulnerabilities "very serious", and has been offered to Chrome users take the initiative to repair patch. The details of the vulnerability are as follows:

The Windows 10 vulnerability found in Windows Kernel is a local right, you can escape in the sandbox. The Win32k.sys system calls NtSetWindowLongPtr () to trigger the window handle with GWL_STYLE state WS_CHILD, and then index GWLP_ID. Chrome's sandbox can prevent win32.sys system calls Win32K lock cache on Windows 10 systems, to prevent the use of these vulnerabilities to escape from the sandbox.

10 days after Google submitted to Microsoft has not yet announced the first security bulletin or patch, but after Microsoft had previously said the operating system than other systems more complex and can not be provided within 7 days of Google to resolve and to the The public provides detailed information.

China IT News APP

Download China IT News APP

Please rate this news

The average score will be displayed after you score.

Post comment

Do not see clearly? Click for a new code.

User comments