Categories: world

Google Says Upgrade To Windows 10 After Critical Flaws Found In Chrome And Windows 7

Share to twitter Share to linkedin <div _ngcontent-c1 4 = "" innerhtml = " Earlier this week Google released an update for the Chrome web It was because the Threat Analysis Group at Google had uncovered a critical zero-day vulnerability that was already being exploited in the wild. Now a Google security engineer, Clement Lecigne, has warned that another zero-day vulnerability that is also being exploited, impacting Windows 7 users, has been used together with the Chrome exploit to take over Windows systems. The Windows zero-day is a local privilege in the win32k.sys kernel driver that allows it to escape the security sandbox. The vulner " The vulnerability is a NULL pointer dereference in win32k! MNGetpItemFromIndex when NtUserMNDragOver () system call is called under specific circumstances [19659008] Clement Lecigne said adding " we strongly believe this vulnerability may only be exploitable on Windows 7 due to recent exploit mitigations added in newer versions or windows. Windows 7 32-bit systems. " The Google Threat Analysis Group released the zero-day to Microsoft who have said they are working on a fix but, as of yet, There is no indication of how long this might take. Currently the status of this vulnerability remains as a critical and unpatched one. For this reason, Google is advising users of Windows 7 should upgrade to Windows 10 and apply patches from Microsoft as soon as they become available. " Jim O'Gorman, president of Offensive Security, who continues " if they were flagged by the organization's security…

<div _ngcontent-c1

4 = “” innerhtml = ”

Earlier this week Google released an update for the Chrome web It was because the Threat Analysis Group at Google had uncovered a critical zero-day vulnerability that was already being exploited in the wild. Now a Google security engineer, Clement Lecigne, has warned that another zero-day vulnerability that is also being exploited, impacting Windows 7 users, has been used together with the Chrome exploit to take over Windows systems.

The Windows zero-day is a local privilege in the win32k.sys kernel driver that allows it to escape the security sandbox. The vulner ” The vulnerability is a NULL pointer dereference in win32k! MNGetpItemFromIndex when NtUserMNDragOver () system call is called under specific circumstances [19659008] Clement Lecigne said adding ” we strongly believe this vulnerability may only be exploitable on Windows 7 due to recent exploit mitigations added in newer versions or windows. Windows 7 32-bit systems. “

The Google Threat Analysis Group released the zero-day to Microsoft who have said they are working on a fix but, as of yet, There is no indication of how long this might take. Currently the status of this vulnerability remains as a critical and unpatched one. For this reason, Google is advising users of Windows 7 should upgrade to Windows 10 and apply patches from Microsoft as soon as they become available. ” Jim O’Gorman, president of Offensive Security, who continues ” if they were flagged by the organization’s security solution, they probably would not have been prioritized in patching. It’s when a group of seemingly minor flaws are chained together that they can be used to devastating effect. “

“>

Earlier this week Google released an update for the Chrome web browser that it was urged to ensure was immediately implemented. That was because of the Threat Analysis Group that Google had uncovered a critical zero-day vulnerability that was already being exploited in the wild. Now a Google security engineer, Clement Lecigne, has warned that another zero-day vulnerability that is also being exploited, impacting Windows 7 users, was used together with the Chrome exploit to take over Windows systems. Google is now urging all Windows 7 users to upgrade to Windows 10, as well as make sure their Chrome browser is up to date, to escape the combined threat.

The Windows zero day is a local privilege escalation the win32k.sys kernel driver that allows it to escape the security sandbox. The vulnerability can be used to elevate system privileges by an attacker who might then be able to execute remote malicious code. “The vulnerability is a NULL point of reference in win32k! MNGetpItemFromIndex when NtUserMNDragOver () system call is called under specific circumstances” Clement Lecigne said, adding “we strongly believe this vulnerability may only be exploitable on Windows 7 due to recent exploit mitigations added in newer Windows 7 32-bit systems. “

The Google Threat Analysis Group released the zero-day to Microsoft who have said they are working on a fix but, as or yet, there is no indication of how long this might take. Currently the status of this vulnerability remains as a critical and unpatched one. For this reason, Google is advising users of Windows 7 should upgrade to Windows 10 and apply patches from Microsoft as soon as they become available. “Not all vulnerabilities are created equal, and many consider their own cause for undue concern” says Jim O’Gorman, president of Offensive Security, who continues “if they were flagged by the organization’s security solution, they likely would not have been prioritized in patching. It’s when a group of seemingly minor flaws are chained together that they can be used to devastating effect. “

Share
Published by
Faela