News

Google Reveals Serious Windows 10 Vulnerability

Google’s Threat Analysis Group has revealed that it had discovered a massive zero-day vulnerability – described as “particularly serious – in Microsoft’s Windows 10 operating system, ten days after it informed Microsoft of the issue directly.

The vulnerability could potentially affect millions of computers, and Microsoft is yet to patch the issue. The same investigation that uncovered the vulnerability in Windows 10 found a similar one within Flash Player, which Adobe promptly patched.

“On Friday, October 21st, we reported 0-day vulnerabilities — previously publicly-unknown vulnerabilities — to Adobe and Microsoft,” the Threat Analysis Group writes. “Adobe updated Flash on October 26th to address CVE-2016-7855; this update is available via Adobe’s updater and Chrome auto-update.”

“After 7 days, per our published policy for actively exploited critical vulnerabilities, we are today disclosing the existence of a remaining critical vulnerability in Windows for which no advisory or fix has yet been released,” the team reveals. “This vulnerability is particularly serious because we know it is being actively exploited.”

“The Windows vulnerability is a local privilege escalation in the Windows kernel that can be used as a security sandbox escape,” the post adds. “It can be triggered via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD. Chrome’s sandbox blocks win32k.sys system calls using the Win32k lockdown mitigation on Windows 10, which prevents exploitation of this sandbox escape vulnerability.”

Microsoft is yet to publicly comment on the vulnerability, but it would be best advised to issue an emergency fix quickly, rather than wait for its scheduled Windows Update monthly rollup.

Ashley Allen

Disqus Comments Loading...

Recent Posts

Corsair Introduces K70 Pro TKL Keyboard With Rapid Trigger

Corsair has just launched a new keyboard aimed at serious gamers, the K70 PRO TKL.…

15 hours ago

Panasonic TB-40S45AEY, S45 Series 40 inch Full HD LED Smart TV

FULL HD PICTURE PERFORMANCE: Elevate your viewing with this LED TV's High Definition resolution and…

15 hours ago

Panasonic TV-40S55AEY, S55 Series 40 inch Full HD LED Smart TV

HD COLOUR ENGINE: Experience vibrant visuals with this LED TV's HD Colour Engine processing chip,…

15 hours ago

suptek 2 Floating Shelf Wall bracket 

Compatibility - The wall mount shelf is compatible with wood and concrete walls. The adjustable…

15 hours ago

Ghostbusters: Frozen Empire

GenreScience FictionFormatDVD-VideoContributorMckenna Grace, Paul Rudd, Kumail Nanjiani, Carrie Coon, Finn WolfhardLanguageEnglishRuntime1 hour and 55 minutes…

15 hours ago

Hisense 55 Inch 144Hz Mini-LED Smart TV

Picture Quality: 240 Mini-LED PRO Local Dimming Zones | Quantum Dot Technology | 144 Hz…

15 hours ago