image credit: Mike Mozart / Flickr

Google to Microsoft: Nice Windows 10 patch – but it’s incomplete

August 12, 2020

Via: ZDnet

Google Project Zero (GPZ) is refusing to give Microsoft further extensions on disclosing a Windows 10 authentication bug because it says a patch Microsoft delivered in the August 2020 Patch Tuesday update is incomplete.

One of the 120 security bugs Microsoft released patches for on Tuesday was CVE-2020-1509, which was reported to Microsoft on May 5 by GPZ Windows researcher James Forshaw.

The bug allows a remote attacker who’s already gained credentials for a Windows account on a network to elevate privileges after sending a specially crafted authentication request to the Windows Local Security Authority Subsystem Service (LSASS).

Read More on ZDnet