Google discloses actively exploited Win vulnerability
Many of you have asked for my opinion about the “Google endangers us all as an act of hubris” articles making their way around the web. Emil Protalinski at Venture Beat has a good synopsis.
(One technical note: Emil says “Windows 10 Anniversary Update users are not affected by the vulnerability being exploited in the wild.” In fact, it looks like only those using Edge in version 1607 (the Anniversary Update), or Chrome, are immune.)
Long and short of it: I don’t think we know the pertinent details, and doubt that we ever will. I’ve been in this industry too long to start pointing fingers based on a heated exchange between Microsoft and Google. No doubt both have reason to beef. Who’s right? I dunno. I doubt that anyone does.
I have just one observation to offer. Terry Myerson, in his damning post “Our commitment to our customer’s security,” ends the lengthy explanation with this note:
Special thanks to Neel Mehta and Billy Leonard of Google’s Threat Analysis Group for their assistance in investigating these issues.
By all accounts, Mehta and Leonard are the ones who discovered the security hole.
It just strikes me as odd.
Looks like we’re going to get the fix on Nov. 8, as part of the regular Patch Tuesday.
UPDATE: Confirming, based on the comments, that if you have Flash patched, you’re fine. The current infection vectors require Flash – although Windows itself needs to be patched, to cover an underlying problem. If that sounds obtuse, it is, but patching Flash (or not using Flash!) takes you out of harm’s way. For now.