By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

Google recommends users of Windows 7 to give it up and move to Microsoft’s latest operating system if they want to keep systems safe from a zero-day vulnerability exploited in the wild. The security bug affects Windows win32k.sys kernel driver and leads to privilege escalation on Windows 7. Google saw the Windows vulnerability in targeted attacks, chained with a zero-day vulnerability (CVE-2019-5786) in Chrome browser that received a patch on March 1 with the release of version 72.0.3626.121. The kernel driver vulnerability could also serve for sandbox escaping when chained with other browser security faults, so Windows users could still be impacted even if they applied correctly the most recent update for Google Chrome. Exploitation of the vulnerability in the wild targeted Windows 7 systems. Google believes that this is the only version of the OS where it works because the exploit mitigations Microsoft introduced in the newer versions of OS, Windows 10 in particular, would prevent it. If you still run an older version of Windows, the recommendation is to upgrade to Windows 10 and keep it updated with the newest patches. “The vulnerability is a NULL pointer dereference in win32k!MNGetpItemFromIndex when NtUserMNDragOver() system call is called under specific circumstances,”  writes Clement Lecigne, member of Google’s Threat Analysis Group. Further details are posted on OUR FORUM.

 

GTranslate