
Google finds new Windows zero-day bug

The bug allows attackers to run malware in the Windows 7 and 10 operating systems

A zero-day bug in Windows 7 and 10 is being actively exploited against the older versions of the operating system, Google revealed in a technical report last week. The Google Project Zero team notified Microsoft and expected the company to produce a patch in a week.

On October 30, 2020, Ben Hawkes, team lead of Google's Project Zero, tweeted that the zero-day patch would be available on November 10.

The security team from Google shared details of the bug, along with a series of tweets about the Windows zero-day bug (labelled CVE-2020-17087). A zero-day bug is a vulnerability in computer software that does not have any previously known malware signatures. The bug is being “used in the wild”, said Google in its report on October 22.

Hawkes revealed that the zero-day was being used as a partner attack with the Chrome FreeType zero-day (labelled CVE-2020-15999), which the team had identified last week. Google had then deployed a security patch for it in a stable Google Chrome update.

How are Windows 7 and 10 impacted?

The Windows zero-day is present in the Windows kernel, and attackers can use it to run malware on the operating system with additional permissions. According to Google’s report, the attackers used the Chrome bug to run malicious code inside the Chrome browser. The Windows zero-day then gave them access to the operating system after they escaped Chrome’s secure container, a step known as a sandbox escape.

The problem is present in all Windows 7 and some versions of Windows 10 operating systems. However, neither company has information about the attackers or their motives as of now. Google’s Director of Threat Analysis, Shane Huntley, clarified that the reported attacks were targeted exploitation and were unrelated to the ongoing US elections.

Though Microsoft has not commented on the zero-day bug yet, the company said in a statement, “Microsoft has a customer commitment to investigate reported security issues and update impacted devices to protect customers. While we work to meet all researchers’ deadlines for disclosures, including short-term deadlines like in this scenario, developing a security update is a balance between timeliness and quality, and our ultimate goal is to help ensure maximum customer protection with minimal customer disruption.”

A spokesperson from Microsoft also added that the attack is very limited and targeted in nature, and that they have seen no evidence of widespread usage of the vulnerability.

Anushka Shrivastava
Media student | Writer | Avid Reader

