AfterDawn: Tech news

Google reveals actively exploited Windows vulnerability

Written by Andre Yoskowitz @ 31 Oct 2016 11:19 User comments (3)

Google reveals actively exploited Windows vulnerability Google has revealed details of a 0-day vulnerability in the Windows operating system that it claims is being currently exploited.
The search giant disclosed the flaw to Microsoft just 10 days ago, but Microsoft has not yet released a patch or even an advisory.

Reads Google's post:

"The Windows vulnerability is a local privilege escalation in the Windows kernel that can be used as a security sandbox escape. It can be triggered via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD. Chrome's sandbox blocks win32k.sys system calls using the Win32k lockdown mitigation on Windows 10, which prevents exploitation of this sandbox escape vulnerability.


Microsoft was not happy with the release of the details before any patch: "We believe in coordinated vulnerability disclosure, and today's disclosure by Google puts customers at potential risk. Windows is the only platform with a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible. We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection."



Source:
VB

Previous Next  

3 user comments

11.11.2016 15:56

Quote:
Windows is the only platform with a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible. We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection.
Ummm... Yeah. Pull the other leg?

23.11.2016 04:55

and what i find is excellent about this is microsoft did know about this bug because we told them 3 months ago and they did nothing to fix it so did you think they would fix it now

35.11.2016 10:48

This topic has merit from BOTH sides.


IMO...good for Google for doing this. It creates IMMEDIATE and MASSIVE AWARENESS of a problem that may otherwise be ignored by the powers that be.


On the other hand, as mentioned, it creates awareness for the wrong, negative uses too for those nefarious peeps.




Again......both perspectives have merit. I'm a bit more toward the first one.

Comments have been disabled for this article.

Latest news

VLC hits milestone: over 5 billion downloads VLC hits milestone: over 5 billion downloads (16 Mar 2024 4:31)
VLC Media Player, the versatile video-software powerhouse, has achieved a remarkable feat: it has been downloaded over 5 billion times.
1 user comment
Sideloading apps to Android gets easier, as Google settles its lawsuit Sideloading apps to Android gets easier, as Google settles its lawsuit (19 Dec 2023 11:09)
Google settled its lawsuit in September 2023, and one of the settlement terms was that the way applications are installed on Android from outside the Google Play Store must become simpler. In the future, installing APK files will be easier.
8 user comments
Roomba Combo j7+ review - Clever trick allows robot vacuum finally to tackle home with rugs and carpets Roomba Combo j7+ review - Clever trick allows robot vacuum finally to tackle home with rugs and carpets (06 Jun 2023 9:19)
Roomba Combo j7+ is the very first Roomba model to combine robot vacuum with mopping features. And Roomba Combo j7+ does all that with a very clever trick, which tackles the problem with mopping and carpets. But is it any good? We found out.
Neato, the robot vacuum company, ends its operations Neato, the robot vacuum company, ends its operations (02 May 2023 3:38)
Neato Robotics has ceased its operations. American robot vacuum pioneer founded in 2005 has finally called it quits and company will cease its operations and sales. Only a skeleton crew will remain who will keep the servers running until 2028.
5 user comments
How to Send Messages to Yourself on WhatsApp How to Send Messages to Yourself on WhatsApp (20 Mar 2023 1:25)
The world's most popular messaging platform, Meta-owned WhatsApp has enabled sending messages to yourself. While at first, this might seem like an odd feature, it can be very useful in a lot of situations. ....
18 user comments

News archive