Google reveals unpatched vulnerability in Windows 7 and Windows 10

Posted 17 February 2017 16:44 CEST by Jan Willem Aldershoff

A Google security researcher has revealed a vulnerability in Windows for which Microsoft has not yet released a patch. The issue allows attackers to steal sensitive data (such as private user data) from the system’s memory.

The vulnerability resides in the Microsoft Graphics Component (GDI) that is part of Windows versions ranging from Vista to Windows 10. The vulnerability can be exploited if the victim opens a specially crafted malicious EMF image that can be embedded in a Word document or HTML page.

On 17 November last year, Google reported the vulnerability to Microsoft. Google gives software developers 90 days to fix an issue. If 90 days elapse without a broadly available patch, the issue automatically becomes visible to the public. In this case, not only did information about the vulnerability become public; the Google researchers also made a proof-of-concept to demonstrate how the leak works.

It’s not the first time a vulnerability has been found in the GDI component. Microsoft patched a similar issue in December last year. It’s also not the first time Google researchers have made a Windows vulnerability public before it was patched. There are two known cases of cyber criminals abusing these unpatched disclosed vulnerabilities.



Mary Cahill
MyCE Junior Member
Posted on: 18 Feb 17 10:19
Microsoft's efforts to ram Windows 10 into everyone's computers made them appear as the money-hungry demanding "overlord" of technology. Now, leaving computers unpatched and vulnerable makes Microsoft seem either incompetent or unconcerned with the welfare of their customers. Right about now would be the perfect time for a Microsoft competitor to make their play!
0 Agree

Xercus
Moderator
Posted on: 18 Feb 17 21:56
The right time would be at the height of Microsoft force feeding Windows 10 on non-suspecting Windows 7/8 customers... Sadly, there really is no worthy opponent.

OS-X - Nope, it would mean jumping into the fire, proprietary hardware linked to software, store regime, low security (sorry iSheeps, it is correct) and more.

Linux - Too many forks (in the road) for that to happen. Linux is actually Linux' worst enemy. If they start to unify and work together on one to three different blends it would go faster, but Linux seems to have to go through natural evolution and currently there are more versions than ever. In other words, it may never become a real contender, sadly.

Linux has been my hope for years, ever since Windows XP when it became clear Microsoft had an effective monopoly. Linux is in server rooms all over the world, but for client operating systems, it is an esoteric format still.
0 Agree

TSJnachos117
MyCE Resident
Posted on: 19 Feb 17 03:27
Quote:
Originally Posted by Xercus
The right time would be at the height of Microsoft force feeding Windows 10 on non-suspecting Windows 7/8 customers... Sadly, there really is no worthy opponent.

OS-X - Nope, it would mean jumping into the fire, proprietary hardware linked to software, store regime, low security (sorry iSheeps, it is correct) and more.

Linux - Too many forks (in the road) for that to happen. Linux is actually Linux' worst enemy. If they start to unify and work together on one to three different blends it would go faster, but Linux seems to have to go through natural evolution and currently there are more versions than ever. In other words, it may never become a real contender, sadly.

Linux has been my hope for years, ever since Windows XP when it became clear Microsoft had an effective monopoly. Linux is in server rooms all over the world, but for client operating systems, it is an esoteric format still.

IMHO, all GNU/Linux needs to become a major commercial competitor to Windows is for one distro to get a huge amount of marketing money. If Debian, for example, were advertised on TV as often as Geico Insurance, Microsoft could find itself in real trouble. The fact that there are "too many" distros (in the opinions of people who are most definitely not me) wouldn't matter: Debian would be the one people hear about, so that's the direction they would gravitate towards. Lesser-known distros would continue to exist, but users who don't know what to choose would choose Debian, and developers would prioritize Debian support.

Of course, having GNU/Linux pre-installed on as many computers as possible would go a long way as well. I do believe that's what made Windows so popular in the first place: toward the end of the DOS days, Microsoft went out of its way to have Windows 3.x pre-installed on as many computers as possible.
0 Agree

Xercus
Moderator
Posted on: 19 Feb 17 13:20
"The fact that there are "too many" distros (in the opinions of people who are most definitely not me) wouldn't matter"

I'd suggest we repeat this on topic in another thread instead of burying it here as it is interesting, but for the record:
I say that based on the standpoint of the common Windows user. We both know there are a few grandfather distros from which most new derive, but if you look at it from a user with no or little prior Linux knowledge, the number of distros will soon become overwhelming and so they will likely hide behind their Windows computers again without making the switch... Which is really sad.
Sure, the users are where the programmers are, but it works both ways. Programmers are likely to flock where the users are, just as you indicate.
0 Agree
