Microsoft has finally fixed a “critical” Windows kernel vulnerability that could potentially allow a hacker full control of a PC.
The vulnerability was first reported by Google, which came under fire from Microsoft and some security experts for exposing the flaw without giving the company time to fix the problem.
The vulnerability also affects Adobe Flash and both companies (Adobe and Microsoft) were given 10 days to fix the issue. Adobe issued a patch in time, but Microsoft wasn’t able to do the same. This is understandable considering the complexity of an operating system.
Do note that if you’re running the latest version of Windows 10 and a modern, updated browser like Chrome or Edge, you’re already safe. The vulnerability affects older systems and browsers.
Hackers are already exploiting this vulnerability in the wild and Microsoft was understandably frustrated at Google’s disclosure. “We believe in coordinated vulnerability disclosure, and today’s disclosure by Google puts customers at potential risk,” said Microsoft in a statement.
The patch, made available last night, fixes the issue on all supported Windows versions (from Windows Vista SP2 onwards). In other news, Google is yet to fix a critical privilege escalation vulnerability (called Dirty Cow) that affects all Android phones. In fact, Google will probably take over 30 days to address the issue.