Twitter User Exposes Zero-Day Vulnerability In Otherwise Pretty Secure Windows 10
By: Jim Stickley and Tina Davis
September 1, 2018
No one likes a tattletale; especially developers of products that are used all over the world in the millions. However, a Twitter user recently made public in a Twitter post that there is a zero-day exploit of the fairly cyber-secure Microsoft Windows 10 operating system. While exposing the issue this way hasn’t made her a friend of the technical giant, the exploit could allow an attacker to acquire permissions and get full control over a system. At least now we know about it...and so do the hackers.
Zero-day vulnerabilities are issues found that were not previously known and can exploited by those who have the know-how, time, and desire to do so. There is no available patch, because, well…the developer didn’t know about it. In this case, now that the cat’s out of the bag, it’s up to Microsoft to put the pedal to the metal and fix it before its customers get attacked.
And to Microsoft’s credit, a patch is planned for release soon though not as an emergency. Likely it’s because in order to exploit this one, the hacker must already be on the machine. That means that a carefully crafted phishing email could make that the case. Watch for phishing attempts. If you’re not expecting a link or attachment, don’t click it.
When the patch is released, likely in the first September patch schedule, be sure to get it applied right away. This is the case for any security or critical patches for all products and systems. Doing so significantly lowers the risk of someone getting into your machine and wreaking havoc.
US-CERT has confirmed this can affect fully patched Windows 10 systems, so this isn’t just some disgruntled Twitter user who wants to cause Microsoft grief and spread a rumor. It’s actually true. So, be sure to watch for the patch release and get it applied without delay.