Google’s Threat Analysis Group has revealed that it had discovered a massive zero-day vulnerability – described as “particularly serious – in Microsoft’s Windows 10 operating system, ten days after it informed Microsoft of the issue directly.
The vulnerability could potentially affect millions of computers, and Microsoft is yet to patch the issue. The same investigation that uncovered the vulnerability in Windows 10 found a similar one within Flash Player, which Adobe promptly patched.
“On Friday, October 21st, we reported 0-day vulnerabilities — previously publicly-unknown vulnerabilities — to Adobe and Microsoft,” the Threat Analysis Group writes. “Adobe updated Flash on October 26th to address CVE-2016-7855; this update is available via Adobe’s updater and Chrome auto-update.”
“After 7 days, per our published policy for actively exploited critical vulnerabilities, we are today disclosing the existence of a remaining critical vulnerability in Windows for which no advisory or fix has yet been released,” the team reveals. “This vulnerability is particularly serious because we know it is being actively exploited.”
“The Windows vulnerability is a local privilege escalation in the Windows kernel that can be used as a security sandbox escape,” the post adds. “It can be triggered via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD. Chrome’s sandbox blocks win32k.sys system calls using the Win32k lockdown mitigation on Windows 10, which prevents exploitation of this sandbox escape vulnerability.”
Microsoft is yet to publicly comment on the vulnerability, but it would be best advised to issue an emergency fix quickly, rather than wait for its scheduled Windows Update monthly rollup.
Corsair has just launched a new keyboard aimed at serious gamers, the K70 PRO TKL.…
FULL HD PICTURE PERFORMANCE: Elevate your viewing with this LED TV's High Definition resolution and…
HD COLOUR ENGINE: Experience vibrant visuals with this LED TV's HD Colour Engine processing chip,…
Compatibility - The wall mount shelf is compatible with wood and concrete walls. The adjustable…
GenreScience FictionFormatDVD-VideoContributorMckenna Grace, Paul Rudd, Kumail Nanjiani, Carrie Coon, Finn WolfhardLanguageEnglishRuntime1 hour and 55 minutes…
Picture Quality: 240 Mini-LED PRO Local Dimming Zones | Quantum Dot Technology | 144 Hz…