Google discloses zero-day in Windows kernel


CVE-2016-7855 is a local privilege escalation vulnerability in the Windows kernel that can be used as a security sandbox escape.

Researchers Neel Mehta and Billy Leonard of the Google Threat Analysis Group said it can be triggered, “via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD.”

The same vulnerability was found by Adobe on 21st October as it was found in Flash Player. Adobe has released a patch, Microsoft is yet to follow suit.

Adobe said in the security bulletin accompanying the release, “Adobe is aware of a report that an exploit for CVE-2016-7855 exists in the wild, and is being used in limited, targeted attacks against users running Windows versions 7, 8.1 and 10.”

Google has said it broke the news of the flaw before Microsoft had the chance to fix it because it is a critical vulnerability that could lead to system compromise, and it is being actively exploited.

Google has advised users to update Flash and install the Microsoft patch as soon as it is made available.

Google said that Windows 10 users can use Google Chrome to protect themselves against possible attacks which use the flaw explaining that, “Chrome’s sandbox blocks win32k.sys system calls using the Win32k lockdown mitigation on Windows 10, which prevents exploitation of this sandbox escape vulnerability,”

This article originally appeared at scmagazineuk.com

[relatedYouTubeVideos relation=”postTitle” max=”1″ class=”horizontal center bg-black”]



Source link

Please follow and like us: