Discovering vulnerabilities and failures in systems is one of the tasks of Project Zero, a team of security analysts used by Google who specialize in the so-called ‘Zero-day Vulnerabilities’ (Zero-day or 0-day), unknown vulnerabilities for users and for the creator of the software or product and that have not yet been fixed. Precisely like the one they have found in the Windows system.
0-day on Windows 7 to 10
Project Zero has discovered a new vulnerability in the Windows operating system that, according to the OSI, “could be actively being exploited by cybercriminals through malicious software, allowing privilege escalation and obtaining administrator access on compromised computers. ”. The worst part is that the bug affects all versions of Windows, from Windows 7 to the most recent version of Windows 10.
The security flaw or vulnerability of type 0-day affects the Windows kernel, that is, the main part of the software with greater execution privileges, which when exploited through malicious software would allow the attacker to elevate user privileges to obtain administrator access on the affected device, thus being able to carry out information theft.
How to fix the vulnerability in Windows
The good news is that Microsoft is aware of this vulnerability and is going to fix it with the next security update. The bad news is that this patch does not come out until November 10, so you still have to live with it for 5 more days.
To be installed as soon as it is available, it is best to keep the system updates configured so that they install automatically. You can check it from: Settings> Update and security> Windows update.
The OSI also recommends “keeping the Google Chrome browser up-to-date, since the attackers have used another 0-day vulnerability to execute the malicious code.” However, the Google Chrome vulnerability was fixed in version 86.0.4240.111 of the browser.