Microsoft protects Windows 10 against zero-day attacks

Security measures that Microsoft introduced in the Windows 10 Anniversary Update have prevented two zero-day attacks against Windows users. Both were kernel-level exploits that allowed attackers to elevate their rights on the attacked system.

ADVERTISEMENT

One of the leaks was used in combination with a vulnerability in Adobe Flash Player, while the other targeted the font library of Windows. Attacks took place in October and November last year and were patched in the same month. Computers running Windows 10 with the Anniversary Update applied were already protected against the threat. Security measures introduced in this update made sure the attacks didn't work, while the vulnerabilities were present.

This way not only this specific exploit was solved, but also the exploit methods, according to Microsoft.

"These mitigation techniques are significantly reducing attack surfaces that would have been available to future zero-day exploits," the company writes on its website.

ADVERTISEMENT

The attacks were not performed on a large scale, one was a spear-phishing campaign targeting a small number of think tanks and nongovernmental organizations in the United States. The other exploit was used in low-volume attacks primarily focused on targets in South Korea.

With the release of the Windows 10 Creators Update, later this year, Microsoft will add even more measures against kernel level exploits.

No posts to display