Google reveals Windows 8.1 zero-day

Google has publicly revealed an unpatched Windows zero-day bug, following the lapse of a three-month waiting period after private disclosure.

The flaw potentially allows escalation of privilege on Windows 8.1 and comes more than a week ahead of the next regular Microsoft Patch Tuesday update, due to take place on January 13.

A spokesman from Microsoft said: "We are working to release a security update to address an elevation of privilege issue."

"It is important to note that for a would-be attacker to potentially exploit a system, they would first need to have valid logon credentials and be able to log on locally to a targeted machine."

Hackers can gain admin rights through a bug with the application compatibility data cache on Windows 8.1, which fails to check impersonation tokens correctly and thus allows hackers to gain control over systems, according to Google researcher James Forshaw.

He added that it was "unclear" whether Windows 7 is vulnerable to a similar attack, though he said it might be possible to bypass checks on the older OS to escalate privilege.

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing