Project Zero’s Google security experts have publicly released a vulnerability in Windows 8.1, which Microsoft has already pointed out in September but has not responded so far. For the leak, the “NtApphelpCacheControl ()” function built into the Windows file “ahcache.sys” provides a loophole that allows a restricted user to grant higher privileges on a Windows system, such as an administrator account As an intruder can cause a lot of damage.
Since September 2017, Microsoft has not responded. The security gap was thus not taken into account at least three patch days. Whether it is a more serious problem for the Windows development department or Google's hint was not taken seriously, is unknown. The security gap was still not stuffed. With the latest Google release, Microsoft should have enough pressure to address the vulnerability.
Lesetipp: Antivirus test 2017
After all, the Redmonder have already commented the security gap. The developers of the Windows manufacturer would already work on a fix. However, Microsoft relaxed the situation: the leak could only be exploited if the potential intruder already has a (restricted) account on the attacking machine. As a preliminary solution, Microsoft recommends that you install the latest Windows updates and enable the built-in firewall.
Lesetipp: All about PC security
According to Google Project Zero, the vulnerability should be under Windows 8.1 (both 32-bit and 64-bit versions). The experts of the search engines say that it is unclear whether Windows 7 would be affected. For the sake of security, be sure to follow these safety precautions under the previous version of Windows.
No comments:
Post a Comment