Hackers are exploiting a bug in Microsoft Windows that was originally disclosed by a Google researcher two months ago.
Microsoft issued the warning in its latest security advisory, saying that without the patch fix hackers could theoretically use the flaw to increase their privileges, thus wrestling control of the device from the end user.
The flaw was originally discovered and posted publicly online by Google security engineer Tavis Ormandy on the full disclosure blog in May. Ormandy said the bug relates to a "silly" piece of code from Microsoft, used in Windows 7 and Windows 8.
It was unclear whether the flaw had been actively exploited by criminals prior to Ormandy's post, though Microsoft's has since confirmed detecting numerous targeted attacks aimed at it. The details of the attacks and the potential damage caused remain unknown and at the time of publishing Microsoft had not responded to V3's request for comment.
The post has since caused a heated debate about the nature of full disclosure within the security community. Experts that practice a full disclosure policy believe posting any security flaws they discover online to the public helps improve the world's security, forcing the parties involved to fix the flaws sooner rather than later. Others believe the practice is irresponsible as it alerts cyber criminals and black hats about the flaw before the company has had time to react.
Ormandy is one of many Google engineers to support the full disclosure philosophy. Prior to his release Google security engineers Chris Evans and Drew Hintz threw down a gauntlet to companies saying they will give them just seven days to come clean on any zero day vulnerabilities they discover before making them public.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago