Rabitə və İnformasiya Texnologiyaları Nazirliyinin elektron xəbər xidməti

Critical vulnerability found in Windows


A critical vulnerability has been discovered in Windows that is being used to compromise computers. This was reported on the Google Project Zero website.
 
Experts said that the bug refers to zero-day vulnerabilities, that is, to malicious systems against which protective mechanisms have not yet been developed. With the help of a bug, hackers can elevate the privileges of certain processes in the system to break it. The experts said that the cracking occurs through interaction with the Windows Kernel Cryptography Driver function, which causes a buffer overflow.
 
A study by Google Project Zero says that the new vulnerability is used together with the CVE-2020-15999 vulnerability in the Chrome browser, which experts discovered a few days ago. Using a system flaw, hackers are able to run malicious code inside the browser.
 
Google experts concluded that the zero-day vulnerability found is already being exploited by cybercriminals. Hacking with its help was organized on the latest version of Windows 10, but the exploit was also launched on older versions of the OS, in particular, Windows 7.
 
In July, cybersecurity experts talked about the oldest vulnerability that has allowed compromising Windows servers for 17 years. The problem affected Windows Server operating systems from 2003-2019. Experts rated it 10 out of 10 on the CVSS vulnerability scale.






03/11/20    Çap et