Patch/Configuration Management, Vulnerability Management

Google engineer finds Windows kernel bug

A security engineer on Tuesday posted details about an unpatched Windows kernel vulnerability. The flaw affects all versions of the operating system and can result in privilege escalation, according to an advisory posted to the Full Disclosure mailing list by Google engineer Tavis Ormandy. A successful exploit can allow an attacker to change the address for the kernel stack. Ormandy was responsible for reporting the lone vulnerability patched in last week's Microsoft security update. A Microsoft spokeswoman had no immediate comment. — DK

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.