Major security flaws have affected all versions of Windows since Windows XP. These bugs were made public today, but it took Microsoft 90 days to release the security update.
It has turned into a race against time for IT administrators around the world to make sure all Windows devices are up to date before hackers exploit the security gaps.
In a report this morning, Google security researcher Tavis Ormandy disclosed critical design flaws in a module that has been inside the Windows platform since Windows XP.
“It has been possible to breach NT security limits for almost 20 years, and nobody noticed anything,” said Ormandy, who is part of Google’s elite Project Zero security team.
In short, the vulnerabilities found allow attackers to remotely control a Windows device.
Below is a video showing how an attacker can gain administrative privileges on Windows using Ormandy’s finding.
What surprises us in this Windows security alert is that there is no CTF access control, which lets an attacker without administrative privileges remotely control any Windows application, and even the operating system of the Windows device.
The second surprise is Microsoft’s slow response to Ormandy’s discovery. According to the Google security researcher, it took Microsoft more than a month to react after he shared his findings with the software giant.
Well, system administrators around the world have higher expectations for the trillion-dollar company.