Google’s Project Zero team has publicly disclosed a zero-day vulnerability in Microsoft Windows 8.1 after giving the software giant three months to patch the flaw.
Project Zero,Google’s security research team, published details of the bug online on December 29, 2014 after having discovered the vulnerability 90 days prior.
The flaw is in NtApphelpCacheControl, a function that is used for caching application compatibility information, and could be used to bypass user account control and allow a malicious application to act as an administrator.
According to Sophos security blog, the flaw can only be exploited if a device has already been compromised.
Although Google has given Microsoft 90 days to effectively patch the flaw, the Windows creator has not released a fix.
Meanwhile,
Google's page detailing the vulnerability has been filled with comments from
users who said this flaw's exposure could impact billions and its release would
ultimately harm Windows users.
Read the full story by itnews at: http://www.itnews.com.au/News/399131,google-discloses-zero-day-bug-in-windows.aspx#ixzz3O13zUiQP
