Zero day Microsoft Windows flaw lets hackers take full control of Windows PCs

“Google has revealed a critical bug in Microsoft Windows software that could give hackers full control of your computer,” Sara Ashley O’Brien reports for CNN.

MacDailyNews Take: Not our computers. We don’t use crap.

“The search giant’s security team discovered ‘zero day’ bugs in Adobe and Microsoft software,” O’Brien reports. “‘The bug could be used as part of a larger attack to take control of the entire system,’ security researcher Katie Moussouris, CEO of Luta Security, told CNNMoney.”

“Adobe addressed the bug with an update to its Adobe Flash Player on October 26, five days after it was first notified by Google. Microsoft, however, had yet to issue a fix, so Google went public with the bug on Monday,” O’Brien reports. “Google says the Microsoft flaw still exists and can be ‘actively exploited.’”

Read more in the full article here.

MacDailyNews Take: Windows. Same as it ever was.


18 Comments

  1. Never a week goes by where I am cleaning a Trojan horse from some poor student’s Mac, once it was a full-blown warez-distributing IRC bot.
    Windows is fine, OSX is fine.

    Users are not fine.

    1. You can’t teach stupid, that’s not Apple’s fault. If they have their security settings correctly configured and don’t just randomly enter their admin password, Trojans don’t happen. The fact remains that there are no self-propagating viruses for OSX or iOS, don’t try the false equivalency nonsense.

      1. I haven’t seen an actual virus for Windows in the Wild in ages either. Almost every vulnerability discovered now, Mac or Windows, is of the flaw in software type. They typically require the user’s cooperation, and they almost always require the user be privileged. This is why it’s a good idea not to run with privileges generally. Run in standard mode, and if you find you need privileges, then give the system an administrator username and password. Otherwise you seldom need privs.

      2. Also remember that Voice of Reason is about as bright as a small appliance bulb. Trojans do happen. Each time you see a fake Flash install, it’s a Trojan, for instance. Most attacks by far come from the web. The most common exploits are adware, and other crap that screws up browsers, DNS, browser toolbars from hell, forcing people onto different search engines, etc. etc.

      3. Regarding proper security settings… Last week I was conferring with some colleagues about a fake Flash installer (among several) called “SilverInstaller”. It installed crapware considered to be PUA/PUP (Potentially Unwanted Applications/Programs). Before it was stopped, it was using a LEGITIMATE Apple developer security certificate. We’re still trying to sort out whether the certificate was stolen or the developer was so stupid as to foist malware on unwitting victims. Apple has been silent about it.

    2. There have been more distinct known vulnerabilities published for OS X in 2016 than for Windows. The difference is that the vulnerabilities are seldom exploited, i.e. turned into full-fledged attacks in the wild. The only possible reason this is true is that it’s just not worth it to hackers. Security through obscurity.

      The numbers I recall are approximately 222 for MacOS, 131 for Windows 10, 102 for Windows 7.

      The highest number of 2016 vulnerabilities is Android, well over 450.

      Apple has improved greatly since 2015 where OS X led the list at over 380 something, and surprisingly iOS was #2 at 375.

      Schools are the most difficult environments to secure. Hopefully none of your students run in privileged mode, Frankenstein!

      1. While this is enough to convince me to not take security for granted on the Mac, I have not taken this data and done a formal analysis on the average severity of a Mac vulnerability vs a Windows vulnerability and how often access to the system is obtained for instance.

    3. The worst security flaw in computing systems consistently turns out to be the USER. On Mac OS X, almost all malware have been Trojan horses. There have been around 125 of them so far. A couple of them have resulted in botnets of hundreds of thousands of Macs.

      Thankfully, as of Snow Leopard, Apple has been vigilantly disposing of malware Trojans by way of their embedded XProtect system.

      The term I learned to use regarding computer users who can’t help but invite in malware is: lusers. Social engineering has been remarkably successful. It’s simply an extension of the old concepts of propaganda and confidence tricks. There’s a luser born every minute. I personally call it the Luser Syndrome.

      Sadly, we may all be susceptible, depending upon the circumstances.

      OK, hit me. But… The Republican party certainly proved themselves to be lusers by inexplicably allowing the Trump Trojan to…

    1. That is one of my favorites. I love how they found the retro outfits all the way back to those flip-up sunglasses. Such a simple, but effective message: “trust me”.

  2. Pft! This may be a pesky Windows zero day exploit. But it’s nothing next to this bombshell:

    Windows Atom Tables popped by security researchers
    You can’t duck and cover from AtomBombing

    Wonderful: a security researcher has found a way to abuse the system-level Atom Tables in Windows – all versions of Windows, through to Win 10.

    Atom Tables are defined by the system to store strings with an identifier to access them; they can be global (like the tables that pass data via DDE between applications), or local (for use by a single application)….

    In its “AtomBombing” attack, an attacker “can write malicious code into an atom table and force a legitimate program to retrieve the malicious code from the table. We also found that the legitimate program, now containing the malicious code, can be manipulated to execute that code.”
