>According to a blog post by Google's Threat Analysis Group, the reason behind going public is that it has seen exploits for the vulnerability in the wild and according to its internal policy, companies should patch or publicly report such bugs after seven days. The zero-day is a local privilege escalation vulnerability that exists in the Windows operating system kernel. If exploited, the flaw can be used to escape the sandbox protection and execute malicious code on the compromised system. >The flaw "can be triggered via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD," Google's Neel Mehta and Billy Leonard said in a blog post. Chrome actually blocked the vulnerability for itself using win2k sandboxing, since winpajeets failed to fix this themselves
""""Microsoft is not at all happy about the disclosure.""""
>Microsoft said Google's disclosure has potentially placed customers at risk, adding that the company believes in coordinated vulnerability disclosure.
kek someone count the days until this gets fixed if ever if it was on linux it would be fixed already but windows is a closed source spaghetti
William Murphy
A lot of these exploits aren't just magical bullets. You still need to access the system in the first place.
Ryan Roberts
>Coordinated vulnerability disclosure
Aka if no big client get hit,and only a few non emprise fag ignore it
Aiden Cook
Negro please, I keep Windows fully updated, avoid malicious websites and torrents, and have a reputable AV in charge of my system.
Camden Perry
THIS is why you NEVER run windows outside VMs
Jaxon Clark
>windows >""anti"" virus lmao go back to
Isaac Jackson
Fucking lol, to exploit this you need win32k.sys access. If you let an app get that kind of access, you have way more serious problems than this exploit.
Also, can't be exploited through Edge (Firefox not yet confirmed)... but can be abused through Chrome that has system access.
Malicious botnet browser by a malicious and evil company. That the day would come that I hate google more than MS. Fucking lol, pathetic excuses for human beings...
Jace Robinson
So being proactive is considered Sup Forums? What are you smoking?
Kevin Foster
>le google this >le google that >i read up about le google every day
honestly wish a bullet was put through your head
Jaxon Hughes
I don't use Chrome. Firefox I don't use any suspicious add-ons and ublock keeps the fishy websites away.
You have to be really dumb to fall for exploits and wreck your system.
Jonathan Gray
Videogaming is not being productive
Robert Perez
I work in Finance and need Excel, QuickBooks and ERP related software for financial reporting.
These are Windows exclusive.
Caleb Nelson
WINCUCCS REKT AGAIN
Ryan Sanchez
>windows is a closed source spaghetti
you're darn tootin'
Jason Phillips
>ERP SAP faggot detected
Camden Thompson
>erp
kill yourself you lonely faggot
Kayden Long
...
Owen Lopez
IT'S OVER MICROKEK IS FINISHED AND BANKRUPT WINPOOKEKS ON SUICIDE WATCH
David Bennett
>darn >tootin'
(((Autism Speaks)))
Isaiah Clark
Name one major company that does not rely on Oracle and SAP modules. Everything is interconnected so data can be processed real time for daily reporting.
Cooper Carter
THIS IS GOOGLE DAMAGE CONTROL
GOOGLE KNOWS 99% OF ANDROID DEVICES HAVE AN UNFIXABLE VULNERABILITY AT KERNEL LEVEL
THEY ARE TRYING TO SAY HEY DON'T LOOK AT US, LOOK AT THEM
IT'S PATHETIC AND IRRESPONSIBLE
1.4 billion Android devices vulnerable to hijacking thanks to Linux TCP bug 8 out of 10 Android devices vulnerable to spying since they are vulnerable to the Linux TCP bug.
100% OF WINDOWS DEVICES HAVE AN UNFIXABLE EXPLOIT AT KERNEL LEVEL
THEY ARE TRYING TO SAY HEY DON'T LOOK AT US, LOOK AT THEM
IT'S PATHETIC AND IRRESPONSIBLE
An UNFIXABLE windows bug has been exploited. So easy anyone can do it....
it provides you with the program you need to exploit the bug, as well as the instructions, which are easy enough for everyone here to follow. With it you can gain full priviledges from a guest account!
Apperantly this is unfixable right now and MS does not even consider it a flaw/bug.
why are we still making these threads? All OSes have a shitload of vulnerabilities, or are we pretending they don't? Anyone dedicated can break into your computer in minutes
Aaron Nguyen
apply for janitor then fatass
Camden Thompson
it's not the fact that windows has vulnerabilities, it's the fact that google is shitting on microsoft for not fixing their shit fast enough
I guess I can't. Which OS are you shilling and does it show 0 on the list?
Anthony Parker
>to exploit this you need you need win32k.sys access L M A O Get a book on how your operating system works before talking about it.
Any application will be able to exploit this and escalate privileges. And most applications will be able to get used as leverage for a remote attacker.
Juan Lewis
Shilling against the one that has the most vulnerability by the largest margin
David Bennett
yeah I do, one OS has 50x the usage share of the other and is more actively targeted, therefore many more vulnerabilities are known
Angel Wright
>anything above 0 is a shitload shifted those goalposts real fast, didn't you?
Jaxon Bailey
Google has x150 usage than Micropoo
Lucas Cooper
Neither is spending all your time ricing or trying to figure out how to change the most basic shit.
Logan Carter
what the hell is "google"? Android? Wasn't there a critical Android kernel vulnerability discovered just last week?
Zachary Wilson
Didn't say that. >link Going after pirates is pretty mild compared to other shit they've done
Google Vs M$ is like comparing the merits of two diseases (or Trump vs Clinton)
Grayson Fisher
You mean the thing that happens to windows everyday?
Jacob Johnson
>yeah I do, one OS has 50x the usage share of the other Linux has the largest market share by far, among both consumers and enterprise servers etc.
Ethan King
yeah. See my point now?
Aaron Rodriguez
Not really, All I see is windows getting hit by vulnerabilities 24/7
Juan Robinson
source? Especially the consumer part
Austin Phillips
google "android marketshare"
Nathaniel Wood
Linux has no "market share" at all since it's not on the fucking market.
Say Linux is the most used and we'll believe you but there will be no way to prove
Joshua Baker
>proactive
I hate you.
Benjamin Hill
Android has more usage than Windows? Please off yourself for that comment
Aiden Rogers
>Linux has 5.5% of the critical vulnerabilities versus Windows at 7.9%
holy shit I use Linux but this is way closer than I want it to be
Isaiah Anderson
That's weighed average so average vuln level of linux is 6 while on windows it's 9/10
Lincoln Sanders
That we know of on winblows
Jayden Clark
like I said shockingly close
I would have thought Windows is 10/10 and Linux is like a 3.
Aiden Brooks
and that we know on Lelnix. Like I said, way more people are looking on one than the other
Gabriel Nguyen
Whats worse, Being spied on for years on end by corporations that want to manipulate you or, A security breach by a criminal?
One could drain your bank account, the other can manipulate voter opinion, track your thoughts as they develop, and influence society.
Connor Cox
>One could drain your bank account that one
Brandon Cook
Mememememme
Chase Reed
>android phones aren't sold commercially
Easton Collins
Here's your (You)
Nolan James
Guessing you can't read?
>Linux 2% >Windows 41%
Liam Perry
>Windows 4300 vulnerabilities >Linux 1350 >The bug-ridden piece of shit PajeetOS has barely 3 times as many critical bugs
AAHAHAHAHAHAHAHAHA
Ian Rivera
ok now take those stats back to the early 1990s for this to be relevant
Dominic Miller
>fishy websites >visits Sup Forums Top kek m8 here's your (You)
Justin Hughes
the huge difference is in how fast they get fixed.
Ethan Evans
like that Linux kernel bug that has been there for 9 years?
Robert Nelson
Those stats are since the early 2000s
Also, Microsoft still generates about 10 as many critical vulnerabilities to this day. Stats since 2016:
Most of those Linux vulernabilities are low-score (i.e. mostly harmless) ones.
Most of those Windows vulnerabilities are high-score (i.e. your shit can get rooted remotely) ones.
Benjamin Wright
I never said Microsoft doesn't develop turds
I said, unless you download .exes from Russian websites, the realistic danger for you is 0, unless someone serious wants to get into your computer, at which point you're fucked whatever OS you use
Gavin Rodriguez
Sure, just keep pretending security vulnerabilities don't happen and maybe you won't even notice whenever your internet seems to be slow because you're part of a DDoS botnet
Jack Perez
...
Brody Martinez
I run security scans often enough. That plus the security patches takes care of the low-effort infiltration and as for the high-effort - you might be in a botnet right now without knowing it
Kayden Hill
>damage control/10
Joseph Ross
>I run security scans often enough. yes goy, give your $$$ to symantec, i'm sure it will keep you safe :^^)
Colton Ortiz
learn to read, I'm not gonna spoonfeed you
Julian Roberts
not an argument. How's that botnet on your computer?
Ian Allen
Been there is not the same as being there and having been disclosed.
Luke Butler
it's under active exploit so it sounds like whoever needed disclosing got it
David Phillips
keep up the good work, Rajesh. everyone at Microsoft is counting on you.
Justin Williams
>can't even reply to the right post the Linux power user, everybody
Luke Morgan
>Sup Forums is one person the Microsoft evangelist, everybody.
