Google find Windows nuke-level vulnerability and cannot be fixed-bug warning-the black bar safety net

2017-05-09T00:00:00
ID MYHACK58:62201785982
Type myhack58
Reporter 佚名
Modified 2017-05-09T00:00:00

Description

Google security experts recently in the Microsoft Windows operating system find an unpatched vulnerability, and the security risk is high. Project zero researchers TavisOrmandy and NatalieSilvanovich this week announced that they on the Windows in the found they say“the worst”RCE, but did not provide any other details, because there is a significant risk. ! Microsoft has yet to respond to these statements, but Microsoft has provided a 90-day Windows to develop a patch and fix the vulnerability. If in the future 3 months without the release patch, the two researchers will be based on the Google Project Zero program policy, published online in the vulnerability details. This is not Google security researchers at the Microsoft Product found the first security vulnerability, if Microsoft and not within 90 days to repair the vulnerability, Google researchers will be within 90 days of the disclosure of vulnerability details. A recent Google security personnel found Microsoft vulnerability in February of this year, Google researchers disclosed the impact of Microsoft browser vulnerability details. Microsoft announced the next“patch Tuesday”cycle is part of the Fix, but Microsoft criticized Google for publicly posting all the details, and explained that such a disclosure of vulnerability details is likely to make hackers. ! If the user cannot be in on Tuesday to receive the vulnerability updates, which means that the user is likely to be to 6 months to receive a patch, and vulnerability exposure duration will be up to a month. Microsoft, this time you ready?