Windows 10 security flaw is under active attack — what you need to know
A patch is expected within the next week
Google disclosed a zero-day vulnerability in Windows 10 last month, and it's currently being used in the wild.
The security flaw, filed as CVE-2020-17087, puts both Windows 10 and Windows 7 at risk. Google gave Microsoft the standard 7-day notice to patch the issue, but a week has come and gone with no solution. As a result, Google's Project Zero security team published its findings publicly.
Without getting too deep into the technical bits, this flaw allows bad actors to escalate what type of user access they have in a system. Used alongside a bug in Chrome (that Google already resolved), the vulnerability would allow hackers to plant malware on a Windows 10 PC.
Project Zero’s technical lead Ben Hawkes tweeted that Microsoft plans to issue a patch on November 10, or about a week after the issue was disclosed.
"Microsoft has a customer commitment to investigate reported security issues and update impacted devices to protect customers," Microsoft said in a statement to TechCrunch.
It continued, "While we work to meet all researchers’ deadlines for disclosures, including short-term deadlines like in this scenario, developing a security update is a balance between timeliness and quality, and our ultimate goal is to help ensure maximum customer protection with minimal customer disruption."
Google says the vulnerability is being actively exploited but it's unclear who is behind the attacks. As reported by TechRadar, Google's director of threat, Shane Huntley, says the attacks were "targeted" and not linked to the ongoing U.S. presidential election.
Not every deal is worth a squeal. Get only the good stuff from us.
The deal scientists at Laptop Mag won't direct you to measly discounts. We ensure you'll only get the laptop and tech sales that are worth shouting about -- delivered directly to your inbox this holiday season.
While this all might sound very concerning, the risk level of most Windows 10 users is very low. As Huntley stated, these are targeted attacks, which likely means they are aimed at high-profile users, like celebrities. You don't need to take any drastic action but we do recommend installing anti-virus on your PC to keep your files protected until Microsoft pushes out a fix about a week from today.
Phillip Tracy is the assistant managing editor at Laptop Mag where he reviews laptops, phones and other gadgets while covering the latest industry news. After graduating with a journalism degree from the University of Texas at Austin, Phillip became a tech reporter at the Daily Dot. There, he wrote reviews for a range of gadgets and covered everything from social media trends to cybersecurity. Prior to that, he wrote for RCR Wireless News covering 5G and IoT. When he's not tinkering with devices, you can find Phillip playing video games, reading, traveling or watching soccer.