Finmaxbo › Blog › Google uncovered a hazardous weakness in Windows
Google uncovered a hazardous weakness in Windows
Engineers of Google who are working on Zero project have found out a drawback in the Microsoft Edge Browser. For a long time, the firm, according to The Verge, did not announce this vulnerability but Microsoft did not have time to mend it.
In the Windows 10 Creators Update, developers have launched Arbitrary Code Guard (ACG) technology to avoid attacks that related to downloading malicious code into memory. It allows the user to present only the code that has the relevant signature in memory. Nevertheless, experts have discovered a vulnerability that allows the user to go circumvent this protection. It can be deduced that attackers can put malicious code in the computer’s memory.
The vulnerability was detected in November 2017, however, as required by the regulations of Project Zero, developers are given 90 days for amendment. After 90 days, developers then launch a brief description of the problem. Microsoft admitted that it took a lot of time to mend the vulnerability and the patch will only incur in March 2018.
Once a vulnerability is officially launched, hackers know where to discover, and they can quickly launch exploits that put users and their data in predicament. But Google thought that it is safer to alert users the vulnerabilities and that doing so will “enhance both the state of web security and the cooperation of vulnerability management.”
Consequently, Google has operated afoul of Microsoft several times for uncovering security vulnerabilities before the software giant was already with a fix. Microsoft’s Terry Myerson famously appealed Google publicly in late 2016 after Google found out a significant weakness in Windows. At that time, he believed that Google choice to uncover those flaws before patches were broadly available and tested was frustrating and puts the customer in predicament.
Microsoft Edge is the standard Windows 10 browser that altered Internet Explorer. Furthermore, the version of Windows 10 S does not allow the users to shift the standard browser. Even when a user downloads a third-party application, all connections from emails to email and other services will operate in Microsoft Edge.