Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » Google discloses unpatched Windows 8.1 vulnerability

Google discloses unpatched Windows 8.1 vulnerability

2015/01/05

Securityweek - (International) A security hole that was reported to Microsoft in September 2014 by Google's Project Zero initiative was disclosed through a proof-of-concept (PoC) for a local privilege escalation vulnerability affecting Windows 8.1 which does not check the impersonation token of the caller to determine if a user is an administrator after allowing application compatibility data to be cached for quick reuse when new processes are created. Microsoft reported that it is working on an update to address the vulnerability. [ed.: For more, read Google shows hackers how to exploit Windows 8.1 on the Optimal Security blog.]

Source: http://www.securityweek.com/google-discloses-unpatched-windows-81-vulnerability

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:22:59