On October 21, Google warns about serious Windows vulnerability which is actively exploited. Microsoft is still working on a patch.
According to Google’s publish policy for actively exploited critical vulnerabilities they published vulnerabilities publicly 7 days after informing the developers. Quote: “This vulnerability is particularly serious because we know it is being actively exploited.”
Adobe’s Flash vulnerability
The same vulnerability existed on Adobe’s Flash, but they fixed it with patch CVE-2016-7855 on October 26 and is available via Adobe’s updater and Chrome auto-update. It was fixed before the Google’s public announcement about the vulnerability.
Still no Windows patch yet
The Adobe managed to fix their software with a patch. But we can’t say the same for Microsoft. This understandable, because patching Windows Kernel is more complex than patching Flash. Microsoft promised to release the update on November 8. This vulnerability also affects the latest Microsoft’s operation system Windows 10.
Read more about this tool: Disclosure timeline for vulnerabilities under active attack.