Google discloses another security flaw in Windows

Google researches have found a new security flaw in Windows 8.1 as well as Windows 7.
Windows 7 and 8.1 has a function called CryptProtectMemory, which generates an encryption key at login.This key can be used by other applications that run at the same login session and can share the data.There is another process called the CNG.sys that has to verify these tokens.But this thing(CNG.sys) doesn't properly verify the token.As a result,it is vulnerable and someone can impersonate the computer's legitimate user and access the its data(that too in an encrypted form).Though its not an easiest thing to do,hackers(or attackers) can exploit any other vulnerabilities of the computer through which they can exploit it.

Windows users will have to be more careful unless Microsoft releases a patch or an update to fix this flaw.