An exploit which is zero-day related has been discovered in Windows 10’s versions. The exploit is nothing crucial or serious to be worried about, but Microsoft employees have publicly revealed that this particular exploit conceals multiple risks that may endanger the privacy of users.
When contacted about the issue, Microsoft employees do not directly respond to the questions, but instead “recommend” in their response users to focus on using Windows 10 and Edge browser “for the best protection”, ARSTechnica reports.
The employees from PR firm of Microsoft were not able to explain why Windows 10 and Edge should be used when the bug was discovered in most Windows versions, including 10.
The employees at the firm were pressed to give away details on the bug or at least to provide risk assessment of the zero day exploit, but they declined.
This exploit does not represent any serious threat. It was discovered that the bug itself roots from a null pointer issue in the file server protocol of Microsoft’s server message block. It can only cause a crash on a server, hypothetically. There are more dangerous zero day bugs out there that allow malicious code to be executed.
But this is information that users have no actual method of being aware of. And also hypothetically administrators could misconfigure servers to be vulnerable to this bug, which means to configure a server to keep alive the connection for file sharing, for example.
And when asked, instead of giving details on the bug, the PC firm has responded with a message that their products are far superior in terms of the attention paid to the security of the software and bug fixing. Many experts believe that this is not entirely correct, primarily because Windows 10 is by far still vulnerable to exploits, like any other OS is.
The PR firm has “taken back” the advice to use Windows 10 and Edge for more security without further comment.
How The Exploit Was Discovered
Laurent Gaffie, a cyber-security analyst who has reported the bug to Microsoft during the end of 2016 has also stated that the flaw was scheduled to be packed for December but Microsoft has actually postponed this to 02.2017 with other fixes altogether.
Nobody knows why the patch was delayed, especially during important time when people use Windows’ products the most – the winter holidays, but one thing is clear. Microsoft has to focus on security instead of Marketing and dealing with the outcome of a flaw.