Google-publicised security flaw patched by Microsoft
Recently, Google disclosed a security hole in Windows as well as other security flaws across Microsoft’s products. Now, it seems that a week later, a patch was released for these flaws. Since Google wasn’t able to patch a flaw in its own source code, Microsoft took care of the problem in its latest Patch Tuesday release.
On the second Tuesday of each month, Microsoft releases a new Patch Tuesday and in the latest release, a patch for a vulnerability discovered by Google’s team was introduced. This vulnerability allowed malicious code to escape from its sandbox, giving hackers the possibility to run code within a web browser and exploit affected devices.
In the November update, included are fixes for other publicly disclosed security vulnerabilities, with one of them under active attack. There were also holes in Microsoft Edge and Internet Explorer web browsers, a flaw in Windows’ font handling subsystem, while the fourth vulnerability was a remote code execution bug in Office, which could be exploited when a user opens a specially-crafted malicious document.
The Patch Tuesday comes also with a security update for Adobe’s Flash Player software, which gained a bad reputation for its critical vulnerabilities even if the developer is releasing updates to fix as many flaws as possible.
Microsoft has moved pretty fast and patched the flaw highlighted by Google a week ago. However, the advertising giant wasn’t capable of releasing a patch for the Dirty COW vulnerability that affects Android OS and which behaves exactly like Microsoft’s flaw, meaning that it allows malicious applications to execute root-user-level privileged code. Google has only released a separate fix for its Nexus and Pixel devices, while other Android handsets will need to wait until December when the update with the patch will roll out. Most likely, some vendors will take action in the meantime and patch the flaw themselves.
RELATED STORIES TO CHECK OUT:
- Improve Windows 10’s security with Win10 Security Plus
- November non-security Office updates now available for download
- Microsoft and Adobe release a new security patch for Adobe Flash Player in Microsoft Edge
The Adobe Acrobat PDF (Portable Document Format) software throws out an “Acrobat failed to connect to a DDE server” error message for some users. That […]