Hackers exploiting new Windows vulnerability – Is your system at risk?

The biggest tech companies may be rivals, but that doesn’t mean they won’t help each other out once in a while. Project Zero, a group of bug-hunters working for Google, finds dangerous security flaws for other companies all the time.

And once they discover a bug, they let rival companies know they have an issue so there’s enough time to fix it. Project Zero has even helped Apple solve a security flaw — and it’s one of Google’s biggest rivals!

And now, Project Zero is letting Microsoft know it has a critical bug on its hands. Windows 10 is no stranger to security flaws, but the one discovered by Project Zero appears to have already been exploited by hackers. Here’s what you need to know, as well as what you can do until a patch arrives.

Google finds bug in Windows 10 before Microsoft

Bug-hunters working for Project Zero have reported a dangerous new security flaw in Windows 10 that hackers are actively using. The bug, which has been labeled CVE-2020-17087, has to do with the way Windows 10 handles Google Chrome’s “sandbox mode,” which is usually hidden from users.

Sandbox mode is a developer tool, and it’s normally isolated from Chrome and other apps on Windows. This new bug allows hackers to escape sandbox mode and run malicious code on other parts of the operating system.

To make matters worse, Windows 10 isn’t the only system affected. Users running older versions of Windows 7 are also vulnerable — and that operating system already has way more threats to deal with now that Microsoft no longer supports it.

What can I do to protect myself? When is a patch available?

First, a bit of good news: Microsoft has acknowledged the bug and pledges to release a patch for it on Nov. 10. This means we only have a little over a week to worry about the exploit.

That said, Microsoft is urging calm in response to the bug. According to the company, cyberattacks exploiting it now are “targeted” in nature, which means they’re going after specific people and groups instead of individual users. From what Microsoft can tell, these attacks have nothing to do with the 2020 election.

In the meantime, there are still a few steps you can take to make sure you’re as safe as possible until the patch is released:

It’s a good thing that Microsoft has a patch in the works so we can put this security risk behind us. But it does open up another question: Will the update from Microsoft break something else in Windows 10?
