
Google reveals a Windows security flaw before Microsoft fixes it


February 20, 2017

It appears that the security team at Google's Project Zero has again revealed a Windows security flaw before Microsoft itself discovered it.

This isn't the first time we've seen this, and it probably won't be the last either.

Google's Project Zero operates under a 'once we tell you about a security flaw, you have ninety days to fix it or we reveal the bug to the public' policy.

In this specific incident, the security hole allows attackers to access memory using EMF metafiles, a tool implemented in the Windows Graphics Component GDI library (gdi32.dll) that helps various applications use the graphics engine.

Additionally, once an attacker is in RAM, things can get interesting (read: a lot scarier)...

Mateusz Jurczyk, the Google worker who discovered this bug, and others like it in the past, writes that Microsoft has fixed similar bugs he reported in 2016.

But he also alleges that the bug fix for those flaws (MS16-074) didn't completely address security issues that allow access to memory.

So he again told Microsoft about the issue on November 16th, 2016, and waited, until last week's we-don't-call-it-patch-Tuesday-anymore came and went because Microsoft needed more time to get a new patch dump just right.

At which point, the 90-day policy kicked in and Google pulled the trigger, revealing the security bug to the public.

Obviously, Microsoft doesn't like it when this happens, but the company needs to be more vigilant when it comes to security.

Last November, Microsoft accused Google of giving criminals a helping hand by revealing a security bug, while also saying the hole in question wasn't all that scary anyway. Really?

We have yet to detect a response from Microsoft on this release. If we do, we'll either update this story or write a new one. Stay tuned.

Source: Google's Project Zero Security Team.

Copyright © Internet Security.ca