Security News
Google and the Linux Foundation this week announced the prioritizing of funds to allow long-time Linux kernel maintainers Gustavo Silva and Nathan Chancellor to focus on improving the security of the platform. The pervasive Linux operating system, according to a recent report from the Linux Foundation's Open Source Security Foundation and the Laboratory for Innovation Science at Harvard, needs additional work on security.
Google and the Linux Foundation announced they are prioritizing funds to underwrite two full-time maintainers for Linux kernel security development, Gustavo Silva and Nathan Chancellor. While there are thousands of Linux kernel developers, all of whom take security into consideration as the due course of their work, this contribution from Google to underwrite two full-time Linux security maintainers signals the importance of security in the ongoing sustainability of open source software.
Together with the Linux Foundation, Google announced today that they would fund two Linux kernel developers' efforts as full-time maintainers exclusively focused on improving Linux security. "While there are thousands of Linux kernel developers, all of whom take security into consideration as the due course of their work, this contribution from Google to underwrite two full-time Linux security maintainers signals the importance of security in the ongoing sustainability of open-source software," the Linux Foundation said in a statement released today.
"The vulnerability affects Windows 10 and corresponding server editions of the Windows OS," said Chris Goettl, senior director of product management and security at Ivanti. "The Windows Fax Service is used by the Windows Fax and Scan application included in all versions of Microsoft Windows 7, Windows 8 and Windows 10 and some earlier versions."
The Microsoft patch drop adds to the workloads for weary defenders struggling to keep pace with the volume and pace of security updates from major vendors. Earlier Tuesday, Adobe shipped fixes for multiple dangerous security holes, including a bug in the Adobe Reader that is being exploited in "Limited targeted attacks" against Windows OS users.
One of the fixed flaws is being actively exploited, the Windows Kernel Cryptography Driver vulnerability disclosed by Google's Project Zero at the end of last month. The CVE-2020-17087 driver bug was also exploited with CVE-2020-15999, a remote-code exec vulnerability in Chrome's font-parsing code, to also hijack targeted people's PCs. All three bugs are now patched; installing the latest software updates fixes them.
Microsoft has plugged 112 security holes, including an actively exploited one. The most information is available about CVE-2020-17087, a Windows Kernel privilege escalation vulnerability, because it's being actively exploited in the wild and because Google disclosed it on October 29, along with PoC exploit code.
Boffins based in Austria, Germany, and the UK have identified yet another data-leaking side-channel flaw affecting Intel processors, and potentially other chips, that exposes cryptographic secrets in memory. The paper describes a way to extract confidential data from devices by measuring power consumption fluctuations in Intel chips from Sandy Bridge onward using just software and without the need to physically wire instruments to machines.
Google's Project Zero bug-hunting team has disclosed a Windows kernel flaw that's being actively exploited by miscreants to gain control of computers. The web giant's bug report was privately disclosed to Microsoft on October 22, and publicly revealed just seven days later, after it detected persons unknown exploiting the programming blunder.
Project Zero, Google's 0day bug-hunting team, today disclosed a zero-day elevation of privileges vulnerability found in the Windows kernel and actively exploited in targeted attacks. The Windows kernel bug zero-day can be exploited by local attackers for privilege escalation according to Project Zero security researchers Mateusz Jurczyk and Sergei Glazunov.