Windows 10: Google Disclosing Windows 10 vulnerabilities to protect users

Source: Google Online Security Blog: Disclosing vulnerabilities to protect users

 

If the vulnerability is "particularly serious" then how about identifying the software that's exploiting this 'vulnerability'? Stating that "we know it is being actively exploited" without identifying the malicious software is highly dubious and can't be taken seriously.

All this does is prevent administrators and users from checking their networks and machines for that software, allowing it to continue exploiting their networks and machines while also preventing security companies from creating signatures for that malicious software.

Considering all they've done is disclose the vulnerability without also disclosing the software that they "know" is actively exploiting the vulnerability makes "Google Disclosing Windows 10 vulnerabilities to protect users" nothing but a sad sick joke.

:)

 

no updates

Thank you for clarifying. I'd recommend checking this article
to help you protect your Windows 10 device against Spectre and Meltdown. The said article discusses the impact of the recently disclosed processor vulnerabilities, named “Spectre” and “Meltdown,” for Windows customers and provides resources to
help keep your devices protected at home, at work, and across your enterprise. It is important to update both your hardware and your software to address this vulnerability.

Let us know if you have other concerns.

Regards.

 

Windows 10 stutters / lag when opening UWP apps

Below is the official Microsoft statement on this issue.

“We’re aware of this industry-wide issue and have been working closely with chip manufacturers to develop and test mitigations to protect our customers. We are in the process of deploying
mitigations to cloud services and are releasing security updates todayto protect Windows
customers against vulnerabilities affecting supported hardware chips from Intel, ARM, and AMD. We have not received any information to indicate that these vulnerabilities had been used to attack our customers.”

Microsoft is aware of a new publicly disclosed class of vulnerabilities referred to as "speculative execution side-channel attacks" that affects many modern processors and operating systems including Intel, AMD,
and ARM.

To address these issues, Microsoft has worked in partnership with the hardware industry to develop mitigations and guidance.

Your understanding is highly appreciated.

 

There is no particular software using this, any malware can use it, since it is in the wild.
Besides, Google has provided the info in the link, how to prevent it, since MS did not.

 

You're missing the bigger picture... before Google disclosed this publicly it was only a very limited number of malicious programs that knew about and exploited the vulnerability and only now that Google shared those details can "any malware can use it".

Since Google has not shared information about the software they "know" to be actively exploiting the vulnerability:
* Enables existing malicious software to continue exploiting machines, stealing data or preform other malicious actions.
* Prevents administrators from checking their networks and machines for that malicious software.
* Prevents anti-virus and anti-malware software from creating signatures to detect and remove that malicious software.

Microsoft had just 10 days before Google publicly released details about a "particularly serious" exploit and are also withholding information about the software they "know" to be actively exploiting the vulnerability... whom exactly does this help??

Googles actions are disgusting and are causing maximum damage to users by withholding information that would enable users and administrators to detect and remove that malicious software while also preventing anti-virus and anti-malware software from creating signatures.

Google has not shared anything that would in fact protect users and companies from existing malicious software that is already exploiting the flaw, let alone help anti-virus and anti-malware software protect users.

Adding insult to injury that flag can only be enabled by developers, after completely redesigning their software from scratch and after releasing updated versions of that software - months and years down the track.

 

Just another good reason to: GET RID OF FLASH PLAYER!*Smile

If you can't uninstall it(I'm watching you Win10) at least set it to Click-To-Play/turn off.
One of the worst decisions Microsoft ever made is "forcing" Flash Player on Windows 10 users.

Occupy Flash - The movement to rid the world of the Flash Player plugin.

 

I can not say, that I share that. For me flash always worked, unlike HTML5. *Nerd

I have not seen flash to crash in years and I always use the latest beta version.
Anything being used is targeted, but flash can be easily blocked, HTML5 can not.
HTML5 generally uses more CPU/GPU than flash, so it is bad, especially for slow devices.
"Flash introduces security and privacy issues." HTML5 has more features, needless to say more?

 

I can't uninstall Flash but it's turned off in IE & Edge - is that what you mean?

 

I would love to get rid of flash but my Sirius Online uses flash.

 

I think he's referring to the separate instillation of Flash. I have to install it to use Sirius Online. Sucks..

 

The integrated one on Windows 10, I have turned off, and I do not have it installed for Firefox.
Originally I didn't install it in Firefox anyhow, because that's only a backup browser for me, and it reduced auto playing "flash player ads"*Biggrin by not having it installed, well now they use HTML, those auto playing ads now persist*Sad

In IE it's set at click to play, in Edge, it's turned completely off.

 

"The integrated one on Windows 10, I have turned off". How do you do this?

 

In Edge




More settings for Flash Player can be found in Control Panel:

 

Typing Flash in Settings search box will also bring up "Flash Player Settings Manager".