loader gif

Windows 10 'Crypto' Vulnerability Outed By Google Researcher Before Microsoft Can Fix It

Windows 10 'Crypto' Vulnerability Outed By Google Researcher Before Microsoft Can Fix It (Malware and Vulnerabilities)

A security researcher who is part of Google's "Project Zero" team tasked with hunting down zero-day vulnerabilities, has gone public with an exploitable Windows vulnerability that Microsoft is still in the process of fixing. Tavis Ormandy has tweeted that he had uncovered a security issue with the core cryptographic library for Windows, revealing that, "Microsoft committed to fixing it in 90 days, then didn't." As a result of not meeting the Project Zero deadline to fix such issues, which is partly designed to encourage more resources to be applied to software security, Ormandy went on to state, "Today is day 91, so the issue is now public." It was first reported by Ormandy on March 13, then on March 26 Microsoft confirmed it would issue a security bulletin and fix for this in the June 11 Patch Tuesday run. On June 11, Ormandy stated that the Microsoft Security Response Center (MSRC) had, "reached out and noted that the patch won't ship today and wouldn't be ready until the July release due to issues found in testing."

loader gif