I'm surprised there isn't a thread for this.
https://bugs.chromium.org/p/project-zero/issues/detail?id=1252
In short: Microsoft has an unsandboxed JavaScript interpreter running as NT AUTHORITY\SYSTEM since Windows 8 (and Windows 7/Vista if you use Microsoft Security Essentials) that automatically scans network traffic and disk activity. Just browsing a page or receiving a mail (not even opening it) is enough to get pwned.
This is not a joke. Tavis Ormandy has described it as "the worst Windows remote code exec in recent memory". Microsoft has issued an emergency patch: https://technet.microsoft.com/en-us/library/security/4022344
Wangblows BTFO
>>60296285
Fuck off lincuck shill
What can be done with this? Reading the page so far I can not see anything useful.
W7, no security essentials, I don't even give a fuck.
>>60296285
>I'm surprised there isn't a thread for this.
I saw one this morning, we're over it already. It's not funny anymore
Microsoft has repeated the error many antivirus vendors have done before:
Symantec: remote root via vulnerable kernel-mode filter drivers https://googleprojectzero.blogspot.com/2016/06/how-to-compro...
ESET NOD32: remote root via vulnerable kernel-mode filter drivers https://googleprojectzero.blogspot.com/2015/06/analysis-and-...
Comodo: code execution vulns in virus scanner https://bugs.chromium.org/p/project-zero/issues/detail?id=76... and installs an insecure web browser and sets it as the default https://bugs.chromium.org/p/project-zero/issues/detail?id=70...
Avast: remote code execution in network traffic filter https://bugs.chromium.org/p/project-zero/issues/detail?id=54...
AVG: installs Chrome extension that leaks your browsing history to anyone who cares to read it https://www.theregister.co.uk/2015/12/29/avg_google_chrome_e...
TrendMicro: remote file access with SYSTEM privilege https://bugs.chromium.org/p/project-zero/issues/detail?id=77...
Kaspersky: a diverse range vulnerabilities over the years, ranging from remote root vulns (https://googleprojectzero.blogspot.com/2015/09/kaspersky-mo-...) to "merely" making all SSL traffic man-in-the-middleable (https://bugs.chromium.org/p/project-zero/issues/detail?id=97...)
>>60296370
You're not affected, but blocking Javascript should do.
I expect an ad network to get hijacked now with malicious JS
This is a widows board, newfag lincucks GTFO.
>>60296285
good thing that im a linux user. other /g/ posters arent that tho.
>>60296285
I'll see your giant hole, and raise you a CIA exploit.
looks like these two are a great match.
>https://wikileaks.org/vault7/#Archimedes
>>60296285
>meanwhile exploits for millions of Android devices remain because Google is too cucked to force manufacturers to issue timely security patches
>>60296285
I stoppedal caring a while ago, what is the point of caring? I have a phone, multiple computers, smart tv, electric car, etc. All of which are probrably exploitable if someone cared to hack me or make me crash.
>>60296285
>JS interpreter
>as SYSTEM
how does microsoft come up with these jokes?
>>60297444
Desktops pay for the Internet mostly flat-rate while mobiles pay for limited quotas and shitty paid content. So it's just profitable for MNOs when android botnets and malware hook their devices on these cash juices.
>>60297622
>designated pajeet code