A severe SMB flaw is still in the wild after Microsoft failed to patch it and also skipped February’s Patch Tuesday for reasons the company will not communicate.
Now, under a policy of waiting 90 days between notifying the offending company and making a flaw public, Google’s security research team has outed yet another vulnerability in the Microsoft Windows platform.
This bug is subject to a 90 day disclosure deadline. If 90 days elapse without a broadly available patch, then the bug report will automatically become visible to the public.
It’s being reported that Microsoft fixed portions of this recently reported flaw, but stopped short of fixing the entire vulnerability.
Details on this latest flaw here: Windows gdi32.dll heap-based out-of-bounds reads / memory disclosure in EMR_SETDIBITSTODEVICE and possibly other records