The biggest tech companies may be rivals, but that doesn’t mean they won’t help each other out once in a while. Project Zero, a group of bug-hunters working for Google, finds dangerous security flaws for other companies all the time.
And once they discover a bug, they let rival companies know they have an issue so there’s enough time to fix it. Project Zero has even helped Apple solve a security flaw — and it’s one of Google’s biggest rivals!
And now, Project Zero is letting Microsoft know it has a critical bug on its hands. Windows 10 is no stranger to security flaws, but the one discovered by Project Zero appears to have already been exploited by hackers. Here’s what you need to know, as well as what you can do until a patch arrives.
Google finds bug in Windows 10 before Microsoft
Bug-hunters working for Project Zero have reported a dangerous new security flaw in Windows 10 that hackers are actively using. The bug, which has been labeled CVE-2020-17087, has to do with the way Windows 10 handles Google Chrome’s “sandbox mode,” which is usually hidden from users.
Sandbox mode is a developer tool, and it’s normally isolated from Chrome and other apps on Windows. This new bug allows hackers to escape sandbox mode and run malicious code on other parts of the operating system.
To make matters worse, Windows 10 isn’t the only system affected. Users running older versions of Windows 7 are also vulnerable — and that operating system already has way more threats to deal with now that Microsoft no longer supports it.
What can I do to protect myself? When is a patch available?
First, a bit of good news: Microsoft has acknowledged the bug and pledges to release a patch for it on Nov. 10. This means we only have a little over a week to worry about the exploit.
That said, Microsoft is urging calm in response to the bug. According to the company, cyberattacks exploiting it now are “targeted” in nature, which means they’re going after specific people and groups instead of individual users. From what Microsoft can tell, these attacks have nothing to do with the 2020 election.
In the meantime, there are still a few steps you can take to make sure you’re as safe as possible until the patch is released:
- If you use Google Chrome, stick to familiar corners of the web. Don’t wander to unknown websites or forums — especially places where you can download media, games or apps from third parties.
- Avoid opening links sent to you by email. The same goes for attachments. If someone you know sends you links or attachments, contact them first and verify they actually sent it.
- Scan your system frequently for malware. You never know what an old download or attachment may have done to your system.
It’s a good thing that Microsoft has a patch in the works so we can put this security risk behind us. But it does open up another question: Will the update from Microsoft break something else in Windows 10?