Google finds new Windows zero-day bug

The bug allows attackers to run malware in the Windows 7 and 10 operating systems

A zero-day bug in Windows 7 and 10 is actively exploiting the vulnerabilities in the older versions of the operating system, revealed Google in a technical report last week. The Google Project Zero team notified Microsoft and expected the company to form a patch in a week.

On October 30, 2020, Ben Hawkes, team lead of Project Zero, Google, tweeted that the zero-day patch will be available on November 10.

The security team from Google shared details of the bug and a series of tweets about Windows zero-day bug (labelled CVE-2020-17087). A zero-day bug is a vulnerability in computer software that does not have any previously known malware signatures. The bug is being “used in the wild”, said Google in its report on October 22.

Hawkes revealed that the zero-day freetype was being used as a partnering attack with Chrome zero-day (labelled CVE-2020-15999), which the team had identified last week. Google had then deployed a security patch for the same in a stable version of Google Chrome update.

How are Windows 7 and 10 impacted?

Windows zero-day is present in the Windows kernel, which attackers can use to run malware on the operating system with additional permissions. According to Google’s report, the attackers used the Chrome bug to run malicious code inside Chrome browser. Windows zero-day allowed them to access vulnerabilities in the operating system, after escaping Chrome’s secure container in a sandbox escape.

The problem is present in all Windows 7 and some versions of Windows 10 operating systems. However, both the companies are unaware of the information or motives of the attackers as of now. Google’s Director of Threat Analysis Shane Huntley cleared that the reported attacks were targeted exploitation and were unrelated to the ongoing US elections.

Though Microsoft has not commented on the zero-day bug yet, the company said in a statement, “Microsoft has a customer commitment to investigate reported security issues and update impacted devices to protect customers. While we work to meet all researchers’ deadlines for disclosures, including short-term deadlines like in this scenario, developing a security update is a balance between timeliness and quality, and our ultimate goal is to help ensure maximum customer protection with minimal customer disruption.”

A spokesperson from Microsoft also added that the attack is very limited and targeted in nature, and that they have seen no evidence of widespread usage of the vulnerability.


Please enter your comment!
Please enter your name here

Hot Topics

India achieves record growth in export of electronic goods worth ₹8,806 crore

Companies registered under PLI are expected to produce products worth ₹10.5 trillion. The addition of PLI on IT products would add ₹2.45 trillion...

Oppo Band Style all set for India launch on March 8

With the growing demand for fitness bands, Oppo seems to be joining the ranks as it is set to debut its first fitness band...

iPhone 13 series expected to appear with 1TB internal storage

Leaksters predicted that there will be an improvement in the LiDAR technology in all the upcoming iPhone models. Popular tipster Jon Prosser mentioned...

Related Articles

Apple’s official online store to discontinue iMac Pro?

The Cupertino tech giant Apple has unexpectedly decided to cease the sale of its most top-notch desktops, the iMac Pro and the users will...

Reliance Jio working on reasonable laptop: The JioBook

Reliance Jio is developing a new product, tentatively named the ‘JioBook’. Likely to be launched this year, the JioBook is a laptop that will...

Keep your washing machines ‘fit’ to stay safe

Appliances, with safety tips ignored, can be less safe to use. While brands promptly recall products when a technical flaw is discovered, it’s also...