Dec 22, 2024 | Updated: 11:35 AM EDT

Google’s Project Zero Targets Windows Vulnerability Which Leads To Publishing Exploits

May 09, 2017 06:19 PM EDT

Based on the quantity of exploits that have surfaced over the several months, one might be tempted to think that the internet and PCs are generally unprotected which are wide open for an attack. Sad to say, this is actually true, a significant number of highly visible and scary-sounding vulnerabilities have been documented lately.

According to Network World, the latest one came from Google's Project Zero which locates flaws in systems like Microsoft Windows and promises to publicize them no later than 90 days after notifying the developer. The team has been true to their statements, publishing exploits before they've been patched, in which it has discovered one that it claims is the Worst in recent memory.

As of now, Project Zero won't reveal any additional information about the flaw, due to its own 90-day disclosure deadline. Theoretically, Project Zero has passed the information along to Microsoft, which is hopefully in the process of figuring out what's the best step to cure the exploit. Unfortunately, Microsoft might not able to give a fix this month's Patch Tuesday security updates that were scheduled on May 9. It would still have at least one more Patch Tuesday to issue a fix before Project Zero makes the vulnerability public.

As noted by The Hacker News, Microsoft has been a Project Zero target in the past including some instances where the vulnerability was publicized before Microsoft issued a patch. The Google team has therefore been a target of some general angst around its policies, even as it likely succeeded in prodding developers to move expeditiously in fixing flaws in their code.

Meanwhile, this particular vulnerability serves as a reminder to make sure to keep our PCs updates with the least security patches, and to ensure that its malware software is also up to date. As this vulnerability affects Windows, Apple's MacOS users are not immune to attack and should take their own precautions as well.

Real Time Analytics