Microsoft patches Windows flaw reported by Google

Microsoft has kept its promise and delivered a vulnerability patch for its Windows operating system, for a flaw, revealed by Google, which allowed attackers to gain full control of a targeted system.

Releasing the details in a security bulletin, Microsoft says the flaw in the Windows kernel "could allow elevation of privilege if an attack logs onto an affected system and runs a specially crafted application that could exploit the vulnerabilities".

Once an attacker gains control of the system, they can install other malicious applications which would allow even easier access, eliminating the need for the original flaw. "To exploit the vulnerabilities, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerabilities and take control of an affected system".

"The update addresses the vulnerabilities by correcting how the Windows kernel-mode driver handles objects in memory”, it says in the bulletin. The important patch, named MS16-135, is currently available for Windows 7, Windows 8.1, Windows 10 and all Windows Server versions from 2008 to 2016.

One of the biggest contributors to the vast number of cyberattacks against both individuals and companies is an outdated operating system, or application. Besides having a quality cybersecurity solution in place, and having healthy online habits, it is important for everyone to keep their software up to date, to protect from different flaws, vulnerabilities, viruses and other malware.

Published under license from ITProPortal.com, a Future plc Publication. All rights reserved.

Photo Credit: 360b/Shutterstock