Will Microsoft ever fix ‘token kidnapping’ flaw?

Over at the Zero Day blog [zdnet.com], I covered the saga of the one-year-old Windows token kidnapping vulnerability that remains unpatched and is now being exploited in malicious hacker attacks.

Over at the Zero Day blog [zdnet.com], I covered the saga of the one-year-old Windows token kidnapping vulnerability that remains unpatched and is now being exploited in malicious hacker attacks.

This is one of those Microsoft-really-should-know-better moments, especially since they knew about the severity of the issue and the public release of proof-of-concept code that provided a roadmap for exploiting the flaw.

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.