Microsoft bug could let hackers take control of computers
NEW YORK — Google has revealed a critical bug in Microsoft Windows software that could give hackers full control of your computer.
The search giant’s security team discovered “zero day” bugs in Adobe and Microsoft software. “Zero day” is the term for unique, never-before-seen vulnerabilities that are dangerous because they’re live.
“The bug could be used as part of a larger attack to take control of the entire system,” security researcher Katie Moussouris, CEO of Luta Security, told CNNMoney.
Adobe addressed the bug with an update to its Adobe Flash Player on October 26, five days after it was first notified by Google. Microsoft, however, had yet to issue a fix, so Google went public with the bug on Monday.
Google’s security team is set up to search for exploits quietly lurking on the internet. It typically recommends that companies fix security issues within 60 days, but in 2013, it announced a more aggressive, expedited disclosure policy for urgent requests. That gave Microsoft just seven days to come up with a fix.
But Microsoft is contesting the seriousness of the bug, saying Adobe’s fix is sufficient.
“We disagree with Google’s characterization … as ‘critical’ and ‘particularly serious,’ since the attack scenario they describe is fully mitigated by the deployment of the Adobe Flash update released last week,” according to a Microsoft statement sent to CNNMoney.
Microsoft also said the bug was never effective in its Windows 10 Anniversary Update due to security enhancements.
However, Google says the Microsoft flaw still exists and can be “actively exploited.”
Microsoft unveiled its next-generation Windows software, called Windows 10 Creator Update, less than a week ago.
People should ensure auto updates are turned on for Flash, Windows, and Antivirus, and run Chrome, which prevents the bug from being exploited, according to Mourrouris.