Windows 7 and 8.1 are among the patched versions

Jan 14, 2015 09:49 GMT

Today, Microsoft released the first Patch Tuesday updates of the year, and the shipped bulletins include an official fix for a vulnerability found by Google and made public last month.

James Forshaw of Google Project Zero disclosed a Windows 8.1 vulnerability that allowed an attacker to get administrator privileges on any computer powered by this OS version, and in addition to all the details about the security flaw, he also published a Proof of Concept to demonstrate how everything worked.

Microsoft criticized Google for this strategy of disclosing flaws before they get patched, explaining that it had talked to Google representatives to make sure that it had enough time to develop a fix.

Also affecting Windows 7

While Google’s engineer previously said that the flaw only existed in Windows 8.1, the official advisory rolled out today by Microsoft reveals that other OS versions are also affected, including Windows 7 and Windows RT.

“This security update resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if an attacker logs on to a system and runs a specially crafted application,” Microsoft states.

“An authenticated attacker who successfully exploited this vulnerability could bypass existing permission checks that are performed during cache modification in the Microsoft Windows Application Compatibility component and execute arbitrary code with elevated privileges.”

Only an “important” rating

Although the flaw had been publicly disclosed, Microsoft gave this vulnerability only an “important” rating on all affected versions of Windows.

The software giant says that it is not aware of any successful exploits of this flaw, and since so many details are already available online, it urges everyone on the affected Windows versions to deploy the patches as soon as possible so that exploits are blocked.

All Patch Tuesday fixes are being delivered through Windows Update, so all you need to do is connect your PC to the Internet and wait for everything to be downloaded and installed.