In October Google revealed about undiscovered flash and windows vulnerabilities. The problem with Adobe has got settle, but Windows vulnerability remains same.
After revelation Adobe and Microsoft has solved this problem with the help of Tech Titan on October 21st. Adobe has announced Flash update on October 26th but Microsoft still now didn’t announce platform for this update. Whereas coming to windows, unpatched Windows flaw is being actively exploited.
Google has given description Windows flaws as follows
“The Windows vulnerability is a local privilege growth in the Windows kernel; it can be used as a security sandbox escape. It can be triggered by the win32k.Sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD. This Chrome’s sandbox blocks win32k.Sys system calls by using the Win32k lockdown mitigation on Windows 10, which prevents exploitation of this sandbox escape vulnerability”.
It is easy is to fix the problem in a flash than in operating system. Seven days might not be sufficient for the Microsoft to address the problem. The period is too short for the vendors to update their products. One of the speaker said this issue puts customers at risk. “We all believed in the vulnerabilities revealed, but this issue puts customers at risk. Windows are the only way to communicate with the customer to investigate the security issues”. They recommend Windows 10 and Microsoft edge browser for best protection.
To stop the hackers exploiting Google has announced these vulnerabilities. Microsoft gives the explanation on this issue that “Flash bug is needed for hackers to exploit the windows, so we update the flash player”. So people make sure to update your flash player. In meanwhile, Microsoft will release patched windows version.