Microsoft Acknowledges New Windows Zero-Day Flaw

Posted on August 29, 2018 by Paul Thurrott in Windows 10 with 21 Comments

This week, a security vulnerability researcher used to Twitter to blurt out information about a zero-day flaw in Windows for some reason. So Microsoft was forced to acknowledge it, and says it will fix the flaw on the next scheduled Path Tuesday.

“Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible,” a Microsoft statement explains. “Our standard policy is to provide solutions via our current Update Tuesday schedule.”

That statement is surprisingly uncritical of the idiot who published information about the vulnerability on Twitter with a link to proof-of-concept software code on GitHub.

I am not linking to that tweet on purpose. But as The Register reports, the flaw was quickly confirmed by CERT/CC vulnerability analyst Will Dormann.

“I’ve confirmed that this works well in a fully-patched 64-bit Windows 10 system,” he tweeted. “[Local privilege escalation] right to SYSTEM!”

What really sucks here, frankly, is that the security vulnerability researcher not only tweeted information about the vulnerability publicly, and without first warning Microsoft, but they also apparently tried to sell this information about a month earlier.

“A Reddit user with the same name [as the Tweeter] posted a number of times on Reddit asking about ‘selling Windows 0days’,” ZDNet reports. “However, at the time of writing, the posts have been deleted.”

And that researcher has since apologized for their actions, noting that “[they] screwed up, not [Microsoft]. (they are actually a cool company). Depression sucks … Anyway, I’m done with security.”

A bewildered world thanks you for the career change.

 

Tagged with

Elevate the Conversation!

Join Thurrott Premium to enjoy our Premium comments.

Premium member comments on news posts will feature an elevated status that increases their visibility. This tab would allow you to participate in Premium comments with other premium members. Register to join the other Premium members in elevating the conversation!

Register or Subscribe

Join the discussion!

BECOME A THURROTT MEMBER:

Don't have a login but want to join the conversation? Become a Thurrott Premium or Basic User to participate

Register