Google’s Project Zero outs another yet to be patched Windows 10 security flaw

2 min. read

Published onFebruary 21, 2018

published onFebruary 21, 2018

Share this article

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Google’s Project Zero computer and security researchers have just disclosed another Windows 10 security issue that has yet to be patched by Microsoft. With this latest saga, the search engine giant revealed an Elevation of Privilege flaw in Windows 10 which allows a normal user to gain administrator privileges (via The Verge.)

The full security flawcan be found hereand was originally brought to Microsoft’s attention in November as part of aseparate security issue with Windows 10. Microsoft addressed one of the issues, but labeled the elevation of Privilege flaw as “important” and not “critical,” claiming the flaw can only be exploited with a “specially crafted application.” Google, in turn, publicly and separately disclosed the Elevation of Privilege flaw today since Microsoft failed to patch it within Google’s90-day period. The flaw only affects Windows 10, and you can read more on it below.

In order to execute the exploit you’d have to already be running code on the system at a normal user privilege level. It cannot be attacked remotely (without attacking a totally separate unfixed issue to get remote code execution), and also cannot be used from a sandbox such as those used by Edge and Chrome. The marking of this issue as High severity reflects the ease of exploitation for the type of issue, it’s easy to exploit, but it doesn’t take into account the prerequisites to exploiting the issue in the first place.

Microsoft already faced criticism from the Google Project Zero team following the discovery of avulnerability in Edge this past weekend. It remains unclear if Microsoft will patch this latest flaw, but given how thingshave gone in the past between the two companies, they’re likely a few Microsoft engineers who are furiously working hard right now.

Radu Tyrsina

Radu Tyrsina has been a Windows fan ever since he got his first PC, a Pentium III (a monster at that time).

For most of the kids of his age, the Internet was an amazing way to play and communicate with others, but he was deeply impressed by the flow of information and how easily you can find anything on the web.

Prior to founding Windows Report, this particular curiosity about digital content enabled him to grow a number of sites that helped hundreds of millions reach faster the answer they’re looking for.

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Radu Tyrsina

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low#

Copilot in Outlook will generate personalized themes for you to customize the app#

Microsoft will raise the price of its 365 Suite to include AI capabilities#

Death Stranding Director’s Cut is now Xbox X|S at a huge discount#

Outlook will let users create custom account icons so they can tell their accounts apart easier#

Google’s Project Zero outs another yet to be patched Windows 10 security flaw#

With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low

Copilot in Outlook will generate personalized themes for you to customize the app

Microsoft will raise the price of its 365 Suite to include AI capabilities

Death Stranding Director’s Cut is now Xbox X|S at a huge discount

Outlook will let users create custom account icons so they can tell their accounts apart easier

Google’s Project Zero outs another yet to be patched Windows 10 security flaw