Google warns of Windows zero-day under active exploit

By
Follow google news

Microsoft yet to issue patch.

Google is warning of a critical vulnerability in current versions of Windows that is unpatched and under active exploit by attackers.

Google warns of Windows zero-day under active exploit

Threat Analysis Group engineers Neel Mehta and Billy Leonard said Google had reported the flaw to Microsoft on October 22 (Australian time). 

As Microsoft has not issued an advisory or fix for the vulnerability, Mehta and Leonard disclosed its existence as per Google's policy.

"This vulnerability is particularly serious because we know it is being actively exploited," the pair wrote.

The flaw exists in the Windows operating system kernel, and comprises a local privilege escalation that allows attackers to escape the security sandboxn.

Google's Chrome browser mitigates against the exploit by blocking win32k.sys system calls, which prevents the flaw being used to escape the sandbox.

Mehta and Leonard also reported a zero-day vulnerability to Adobe at the same time as they contacted Microsoft. Adobe issued an emergency patch for the CVE-2016-7855 on October 27 (Australian time).

Add iTnews as your trusted source

Add iTnews As Your Trusted Source Add iTnews As Your Trusted Source
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
googlemicrosoftsecuritywindowszeroday

Sponsored Whitepapers

The future of resilience: AI-Driven dynamic storage
The future of resilience: AI-Driven dynamic storage
Stop Hiring Like It’s 2025: AI-Augmented Cybersecurity Performance Data Every CISO Needs
Stop Hiring Like It’s 2025: AI-Augmented Cybersecurity Performance Data Every CISO Needs
5 reasons to adopt a mobile first security strategy
5 reasons to adopt a mobile first security strategy
Uncomplicate IT Service Delivery with AI Agents
Uncomplicate IT Service Delivery with AI Agents
Getting ahead of the tech: what’s next for Australian organisations in digital transformation
Getting ahead of the tech: what’s next for Australian organisations in digital transformation

Events

Most Read Articles

Dead cars tell tales by storing data that's never wiped

Dead cars tell tales by storing data that's never wiped
Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases
FBI remotely patched privately-owned routers to evict Russian GRU spies

FBI remotely patched privately-owned routers to evict Russian GRU spies
AI-boosted hacks with Anthropic’s Mythos could have dire consequences for banks

AI-boosted hacks with Anthropic’s Mythos could have dire consequences for banks
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?