Google warns of a serious vulnerability in Microsoft’s Windows 7 and Windows 10 operating systems, as part of Project Zero, which examines vulnerabilities in popular products and services.
According to Google, the breach allows an attacker to disable computer activity, or crash various software and functions without the appropriate permissions. The current announcement avoids over-detailing the liability, as it says it is an active loophole that attackers even use on a daily basis.
The information that was provided indicates a malfunction in the information encoding mechanism built into the operating system, which allows the attacker to escape the memory space allocated to a particular software (Sandbox) to memory belonging to other functions of the operating system. The hack was discovered in two parts, the first is based on an error at the operating system level, while the second part is based on a vulnerability that existed in the Chrome browser and has already been fixed.
Microsoft, according to the announcement, will fix the operating system vulnerability in the next update to the Windows 10 operating system, which will be released on November 10. A separate update has also been released for the Windows 7 operating system, but will be available for download only for customers who have subscribed to an extended service pack (ESU).
By the way, and in light of the upcoming US election, Google decided to make it clear that along with the determination that attackers are already using the loophole for various cybercrimes, the company has no evidence that this loophole was used to disrupt the US presidential election in less than a week.
This is not the first time that Google has detected serious security vulnerabilities in Windows 10. In fact, the company has already helped Microsoft detect a number of different security issues that have already received various security patches.