
  1. Join Date : Oct 2013
    Posts : 16,471
    64-bit Windows 10 Pro build 14971
       31 Oct 2016 #1

    Google Disclosing Windows 10 vulnerabilities to protect users


    On Friday, October 21st, we reported 0-day vulnerabilities (previously publicly-unknown vulnerabilities) to Adobe and Microsoft. Adobe updated Flash on October 26th to address CVE-2016-7855; this update is available via Adobe's updater and Chrome auto-update.

    After 7 days, per our published policy for actively exploited critical vulnerabilities, we are today disclosing the existence of a remaining critical vulnerability in Windows for which no advisory or fix has yet been released. This vulnerability is particularly serious because we know it is being actively exploited.

    The Windows vulnerability is a local privilege escalation in the Windows kernel that can be used as a security sandbox escape. It can be triggered via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD. Chrome's sandbox blocks win32k.sys system calls using the Win32k lockdown mitigation on Windows 10, which prevents exploitation of this sandbox escape vulnerability.

    We encourage users to verify that auto-updaters have already updated Flash, and to manually update if not, and to apply Windows patches from Microsoft when they become available for the Windows vulnerability.


    Source: Google Online Security Blog: Disclosing vulnerabilities to protect users


  2. Join Date : Sep 2014
    Posts : 84
    Windows
       01 Nov 2016 #2

    "This vulnerability is particularly serious because we know it is being actively exploited."
    If the vulnerability is "particularly serious" then how about identifying the software that's exploiting this 'vulnerability'? Stating that "we know it is being actively exploited" without identifying the malicious software is highly dubious and can't be taken seriously.

    All this does is prevent administrators and users from checking their networks and machines for that software, allowing it to continue exploiting their networks and machines while also preventing security companies from creating signatures for that malicious software.

    Considering all they've done is disclose the vulnerability without also disclosing the software that they "know" is actively exploiting the vulnerability makes "Google Disclosing Windows 10 vulnerabilities to protect users" nothing but a sad sick joke.


  3. Join Date : Oct 2014
    Trnava
    Posts : 1,625
    Windows 10 Pro x64
       01 Nov 2016 #3

    There is no particular software using this, any malware can use it, since it is in the wild.
    Besides, Google has provided the info in the link, how to prevent it, since MS did not.


  4. Join Date : Sep 2014
    Posts : 84
    Windows
       01 Nov 2016 #4

    TairikuOkami said:
    There is no particular software using this, any malware can use it, since it is in the wild.
    You're missing the bigger picture... before Google disclosed this publicly it was only a very limited number of malicious programs that knew about and exploited the vulnerability and only now that Google shared those details can "any malware can use it".

    Since Google has not shared information about the software they "know" to be actively exploiting the vulnerability:
    * Enables existing malicious software to continue exploiting machines, stealing data or performing other malicious actions.
    * Prevents administrators from checking their networks and machines for that malicious software.
    * Prevents anti-virus and anti-malware software from creating signatures to detect and remove that malicious software.

    Microsoft had just 10 days before Google publicly released details about a "particularly serious" exploit and are also withholding information about the software they "know" to be actively exploiting the vulnerability... whom exactly does this help??

    Google's actions are disgusting and are causing maximum damage to users by withholding information that would enable users and administrators to detect and remove that malicious software while also preventing anti-virus and anti-malware software from creating signatures.

    TairikuOkami said:
    Besides, Google has provided the info in the link, how to prevent it, since MS did not.
    Google has not shared anything that would in fact protect users and companies from existing malicious software that is already exploiting the flaw, let alone help anti-virus and anti-malware software protect users.

    Adding insult to injury that flag can only be enabled by developers, after completely redesigning their software from scratch and after releasing updated versions of that software - months and years down the track.
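The Win32k lockdown mitigation named in the first post, and the developer opt-in discussed in post #4, correspond to a process mitigation policy in the Windows SDK. The following is an added example, not part of the thread and not Chrome's code; the function and enum names are hypothetical, and on non-Windows builds the function only reports that the policy is unsupported.

```c
/* Added example: opt the current process into the Win32k lockdown mitigation.
   enable_win32k_lockdown() and lockdown_result are hypothetical names;
   the policy type and the two API calls are from the Windows SDK. */
#ifdef _WIN32
#ifndef _WIN32_WINNT
#define _WIN32_WINNT 0x0602 /* Windows 8+: process mitigation policy API */
#endif
#include <windows.h>
#endif
#include <stdio.h>

enum lockdown_result { LOCKDOWN_OK, LOCKDOWN_FAILED, LOCKDOWN_UNSUPPORTED };

enum lockdown_result enable_win32k_lockdown(void)
{
#ifdef _WIN32
    PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY policy;
    PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY check;

    /* Call this early, before the process creates windows or otherwise uses
       user32/gdi32: once the policy is on, code that needs win32k.sys
       system calls will fail. */
    ZeroMemory(&policy, sizeof(policy));
    policy.DisallowWin32kSystemCalls = 1;
    if (!SetProcessMitigationPolicy(ProcessSystemCallDisablePolicy,
                                    &policy, sizeof(policy)))
        return LOCKDOWN_FAILED;

    /* Read the policy back so the caller knows it is really in effect. */
    ZeroMemory(&check, sizeof(check));
    if (!GetProcessMitigationPolicy(GetCurrentProcess(),
                                    ProcessSystemCallDisablePolicy,
                                    &check, sizeof(check)))
        return LOCKDOWN_FAILED;
    return check.DisallowWin32kSystemCalls ? LOCKDOWN_OK : LOCKDOWN_FAILED;
#else
    return LOCKDOWN_UNSUPPORTED; /* policy exists only on Windows 8 and later */
#endif
}

int main(void)
{
    enum lockdown_result r = enable_win32k_lockdown();
    printf("win32k lockdown: %s\n",
           r == LOCKDOWN_OK ? "enabled" :
           r == LOCKDOWN_FAILED ? "failed" : "unsupported on this platform");
    return r == LOCKDOWN_FAILED;
}
```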


  5. Join Date : Feb 2015
    Bamberg Germany
    Posts : 13,393
    Microsoft Windows 10 Pro 64-bit 14393 Multiprocessor Free
       4 Weeks Ago #5

    Just another good reason to: GET RID OF FLASH PLAYER!

    If you can't uninstall it (I'm watching you Win10) at least set it to Click-To-Play/turn off.
    One of the worst decisions Microsoft ever made is "forcing" Flash Player on Windows 10 users.

    Flash Player is dead.
    Its time has passed. It's buggy. It crashes a lot. It requires constant security updates. It doesn't work on most mobile devices. It's a fossil, left over from the era of closed standards and unilateral corporate control of web technology. Websites that rely on Flash present a completely inconsistent (and often unusable) experience for a fast-growing percentage of the users who don't use a desktop browser. It introduces some scary security and privacy issues by way of Flash cookies.
    Flash makes the web less accessible.
    At this point, it's holding back the web.


    Why, you ask? Why does it matter, when Adobe has already neutered the platform by publicly killing Flash on mobile devices? Why does it matter when HTML5 has clearly won the fight for the future of our web browsing? Well, as we've seen with other outdated web technologies (most notably the much-lamented Internet Explorer 6), as long as software is installed on machines, there will be a contingent of decision makers who mandate its use, and there will be a requirement of continued support, the plugin will live on, and folks will continue to develop for it. Also, for unknown reasons, Adobe is still sticking with Flash as a desktop browsing technology.

    Disabling Flash Player in your browser will likely mean that some of the sites you use regularly are less usable (We're looking at you, Google Analytics. For shame!).
    Occupy Flash - The movement to rid the world of the Flash Player plugin.


  6. Join Date : Oct 2014
    Trnava
    Posts : 1,625
    Windows 10 Pro x64
       4 Weeks Ago #6

    I can not say, that I share that. For me flash always worked, unlike HTML5.

    "Its time has passed. It's buggy. It crashes a lot. It requires constant security updates. It doesn't work on most mobile devices. ... It introduces some scary security and privacy issues by way of Flash cookies."
    I have not seen flash crash in years and I always use the latest beta version.
    Anything being used is targeted, but flash can be easily blocked, HTML5 can not.
    HTML5 generally uses more CPU/GPU than flash, so it is bad, especially for slow devices.
    "Flash introduces security and privacy issues." HTML5 has more features, needless to say more?


  7. Join Date : Jun 2015
    UK
    Posts : 1,140
    Windows 10 Home x64 (Laptop), Windows 10 Pro x64 (Desktop)
       4 Weeks Ago #7

    Cliff S said:
    Just another good reason to: GET RID OF FLASH PLAYER!

    If you can't uninstall it (I'm watching you Win10) at least set it to Click-To-Play/turn off.
    One of the worst decisions Microsoft ever made is "forcing" Flash Player on Windows 10 users.


    Occupy Flash - The movement to rid the world of the Flash Player plugin.
    I can't uninstall Flash but it's turned off in IE & Edge - is that what you mean?


  8. Join Date : Jan 2014
    Oak Ridge TN, USA
    Posts : 26,852
    Windows 10 Pro x64
       4 Weeks Ago #8

    I would love to get rid of flash but my Sirius Online uses flash.


  9. Join Date : Jan 2014
    Oak Ridge TN, USA
    Posts : 26,852
    Windows 10 Pro x64
       4 Weeks Ago #9

    Steve C said:
    I can't uninstall Flash but it's turned off in IE & Edge - is that what you mean?
    I think he's referring to the separate installation of Flash. I have to install it to use Sirius Online. Sucks..


  10. Join Date : Feb 2015
    Bamberg Germany
    Posts : 13,393
    Microsoft Windows 10 Pro 64-bit 14393 Multiprocessor Free
       4 Weeks Ago #10

    Steve C said:
    I can't uninstall Flash but it's turned off in IE & Edge - is that what you mean?

    BunnyJ said:
    I think he's referring to the separate installation of Flash. I have to install it to use Sirius Online. Sucks..
    The integrated one on Windows 10, I have turned off, and I do not have it installed for Firefox.
    Originally I didn't install it in Firefox anyhow, because that's only a backup browser for me, and it reduced auto playing "flash player ads" by not having it installed, well now they use HTML, those auto playing ads now persist.

    In IE it's set at click to play, in Edge, it's turned completely off.


 