Google Project Zero has disclosed yet another Windows vulnerability that can lead to elevation of privilege. Microsoft had initially stated that it would not resolve it, but is now working on a fix.
Build 22000.282 fixes for Ryzen L3 cache performance issue, and more
windows 11 insider preview
Google project zero RSS
Google's Project Zero team has disclosed yet another elevation of privilege exploit present in Windows given Microsoft's inability to properly fix it in the given 90 days time frame.
"Half-double" is a Rowhammer exploit which grants access to wider memory addresses on newer DRAM chips. Malicious code can potentially take control of the full system through this hardware bypass.
Malicious actors, reportedly from North Korea, are targeting security researchers with social engineering attacks using fake social media accounts, exploit claims, and injected malware.
Following multiple delays from Microsoft, Google's Project Zero security team has disclosed yet another high severity security flaw in Windows. If exploited, it can cause elevation of privilege.
Following a botched fix by Qualcomm which caused a new kernel privilege escalation bug, Google Project Zero has publicly disclosed details of a high severity security flaw in the Adreno GPU driver.
The "high" severity security flaw in GitHub publicly disclosed by Google's Project Zero team earlier this month has finally been patched. The security team has validated the fix and closed it.
Google's Project Zero team has disclosed a "high" severity security flaw in GitHub following the latter's inability to provide a fix in the 104 days - which includes a grace period - allotted to it.
Google's Project Zero team has publicly revealed yet another security flaw in Windows which allows elevation of privilege, claiming that Microsoft's fix is incomplete and does not resolve the issue.
The California-based firm slated Google's Project Zero for misrepresenting the scale and time period of the attack, and ensured customers that the vulnerability had already been fixed months back.
Google has revealed some discoveries made by its Project Zero team, indicating that attackers were targeting iPhone users over at least two years using security flaws fixed by Apple in February.
New variants of Spectre have been discovered by Microsoft and Google, which allow attackers to read privileged data. While mitigations will be available soon, they will result in a performance hit.
Despite Microsoft's repeated requests for an extension to the standard 90-day disclosure deadline, Google has gone on to reveal a "medium" severity flaw in systems with UMCI, such as Windows 10 S.
Google has exposed a "high" severity issue in Windows 10 version 1709, which allows the elevation of privilege by arbitrarily changing a file's security descriptor, but it can't be done remotely.
After Microsoft's failure to fix a flaw in its Edge browser in the allotted time, Google has publicly disclosed the bug - which allows bypassing Edge's ACG and creating an executable page in memory.