#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
DevSecOps

Windows 8.1 | Breaking Cybersecurity News | The Hacker News

Category — Windows 8.1
Google vs. Microsoft — Google reveals Third unpatched Zero-Day Vulnerability in Windows

Google vs. Microsoft — Google reveals Third unpatched Zero-Day Vulnerability in Windows

Jan 16, 2015
Microsoft has heavily criticized Google and its 90-days security disclosure policy after the firm publicly revealed two zero-day vulnerabilities in Microsoft's Windows 8.1 operating system one after one just days before Microsoft planned to issue a patch to kill the bugs. But, seemingly Google don't give a damn thought. Once again, Google has publicly disclosed a new serious vulnerability in Windows 7 and Windows 8.1 before Microsoft has been able to produce a patch, leaving users of both the operating systems exposed to hackers until next month, when the company plans to deliver a fix. DISCLOSURE OF UNPATCHED BUGS, GOOD OR BAD? Google's tight 90-days disclosure policy seems to be a good move for all software vendors to patch their products before they get exploited by the hackers and cybercriminals. But at the same time, disclosing all critical bugs along with its technical details in the widely used operating system like Windows 7 and 8 doesn't appears to be a righ...
Google Discloses Another Unpatched Windows 8.1 Vulnerability

Google Discloses Another Unpatched Windows 8.1 Vulnerability

Jan 14, 2015
Google has once again released the details of a new privilege escalation bug in Microsoft's Windows 8.1 operating system before Microsoft planned to patch the bug, triggering a new quarrel between the two tech giants. This is second time in less than a month when the Google's security research team known as Project Zero released details of the vulnerability in Microsoft's operating system, following its 90-day public disclosure deadline policy. Google Project Zero team routinely finds vulnerabilities in different products from different companies. The vulnerabilities then get reported to the affected software vendors and if they do not patch the flaws in 90 days, Google automatically makes the vulnerability along with its details public. DISCLOSURE OF TWO SECURITY HOLES IN LESS THAN A MONTH Two weeks back, Google Project Zero team disclosed details of an elevation of privilege (EoP) vulnerability  affecting Windows 8.1 that may have allowed hackers to modify cont...
Protecting Your Software Supply Chain: Assessing the Risks Before Deployment

Protecting Your Software Supply Chain: Assessing the Risks Before Deployment

Feb 11, 2025Software Security / Threat Intelligence
Imagine you're considering a new car for your family. Before making a purchase, you evaluate its safety ratings, fuel efficiency, and reliability. You might even take it for a test drive to ensure it meets your needs. The same approach should be applied to software and hardware products before integrating them into an organization's environment. Just as you wouldn't buy a car without knowing its safety features, you shouldn't deploy software without understanding the risks it introduces. The Rising Threat of Supply Chain Attacks Cybercriminals have recognized that instead of attacking an organization head-on, they can infiltrate through the software supply chain—like slipping counterfeit parts into an assembly line. According to the 2024 Sonatype State of the Software Supply Chain report , attackers are infiltrating open-source ecosystems at an alarming rate, with over 512,847 malicious packages detected last year alone—a 156% increase from the previous year. Traditional sec...
Google Researcher Reveals Zero-Day Windows 8.1 Vulnerability

Google Researcher Reveals Zero-Day Windows 8.1 Vulnerability

Jan 02, 2015
A Google security researcher, ' James Forshaw ' has discovered a privilege escalation vulnerability in Windows 8.1 that could allow a hacker to modify contents or even to take over victims' computers completely, leaving millions of users vulnerable. The researcher also provided a Proof of Concept (PoC) program for the vulnerability. Forshaw says that he has tested the PoC only on an updated Windows 8.1 and that it is unclear whether earlier versions, specifically Windows 7, are vulnerable. Forshaw unearthed the bug in September 2014 and thereby notified on the Google Security Research mailing list about the bug on 30th September. Now, after 90 days disclosure deadline the vulnerability and Proof of Concept program was made public on Wednesday. The vulnerability resides in the function AhcVerifyAdminContext , an internal function and not a public API which actually checks whether the user is an administrator. "This function has a vulnerability where i...
cyber security

Level Up Your Cyber Skills at SANS 2025

websiteSANS InstituteCyber Security / Training
Master in-demand techniques at our largest training event in 2025. Explore 50+ courses. Train in person to claim your $769 savings!
Hack Windows 8.1 to earn $100,000 bounty from Microsoft

Hack Windows 8.1 to earn $100,000 bounty from Microsoft

Jun 25, 2013
If you don't know yet, Microsoft is offerings up to $100,000 in exchange for finding vulnerabilities and exploits in the upcoming Windows 8.1 Preview which is expected to launch on June 26, the same time as the Microsoft Build Developer Conference. Qualifying submissions with accompanying defensive ideas will also be eligible for a BlueHat Bonus worth up to $50,000. " These are super challenging to discover and they require a new technique ," says Mike Reavey, director of Microsoft's Security Response Center. Windows 8.1 is a major update to Microsoft's brand new operating system Windows 8, and given the serious bounty on offer, Microsoft clearly wants to leave nothing to chance as far as securing the operating system is concerned. " Learning about new exploitation techniques earlier helps Microsoft improve security by leaps, instead of capturing one vulnerability at a time as a traditional bug bounty alone would ," he said. Microsoft's senior s...
Expert Insights / Articles Videos
Cybersecurity Resources