News/Info Microsoft apparently just fixed a Windows security flaw first reported to it in 2018

emailx45

Microsoft apparently just fixed a Windows security flaw first reported to it in 2018
By Usama Jawad · Aug 17, 2020
[SHOWTOGROUPS=4,20,22]
Microsoft fixed quite a number of bugs in this month's Patch Tuesday update, which came out last week. While it packed numerous fixes for various versions of Windows, it did draw some criticism for the handling of a security vulnerability that was reported to it by Google.

However, it appears that the Redmond giant's security woes are not yet over as a new report claims that the firm just fixed a Windows zero-day exploit that was reported to it back in 2018.

Last week, Microsoft fixed a security hole in various versions of Windows that mainly deals with the operating system's incorrect handling of file signatures. The company noted that:
"A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could bypass security features intended to prevent improperly signed files from being loaded.
The update addresses the vulnerability by correcting how Windows validates file signatures."
Security researcher Tal Be'ery has explained that Bernardo Quintero, a manager at VirusTotal - a service owned by Google - first discovered the vulnerability being exploited back in August 2018.

This exploit, internally called "GlueBall", was immediately reported to Microsoft and the [log in or register to view the link]. Microsoft acknowledged the issue and added mitigation actions in supporting tools, but stated that it would not fix the issue in the operating system itself. The reasoning behind this decision is not public.

After this, several blog posts were published by other people, explaining how to use GlueBall to exploit Windows. Then in June 2020, [log in or register to view the link].

It would seem that roughly around this time, Microsoft began to take this issue seriously and a proper fix to the gaping security hole was finally released in this month's Patch Tuesday. This flaw was present in Windows 7, 8, 8.1, RT 8.1, Server 2008, 2012, 2016, 2019, and Windows 10, going all the way up to version 2004, and it was exploited across numerous versions of the operating system.

Microsoft stated that:
"A security update was released in August. Customers who apply the update, or have automatic updates enabled, will be protected. We continue to encourage customers to turn on automatic updates to help ensure they are protected."
The handling of this incident from Microsoft's end is extremely strange, to say the least.

One has to wonder why Microsoft delayed fixing a Windows security flaw for nearly two years, especially when it was present in virtually all major versions of the operating system.

[/SHOWTOGROUPS]
 

Kiaro

I didn't know that the reputable antivirus VirusTotal actually belongs to Google.
 

emailx45

me too!

I didn't know either. We often buy the idea of a "brand" without knowing that it belongs to a competing "brand". That's what business owners like to hide!