Google warns of Windows zero-day under active exploit

By

Microsoft yet to issue patch.

Google is warning of a critical vulnerability in current versions of Windows that is unpatched and under active exploit by attackers.

Google warns of Windows zero-day under active exploit

Threat Analysis Group engineers Neel Mehta and Billy Leonard said Google had reported the flaw to Microsoft on October 22 (Australian time). 

As Microsoft has not issued an advisory or fix for the vulnerability, Mehta and Leonard disclosed its existence as per Google's policy.

"This vulnerability is particularly serious because we know it is being actively exploited," the pair wrote.

The flaw exists in the Windows operating system kernel, and comprises a local privilege escalation that allows attackers to escape the security sandboxn.

Google's Chrome browser mitigates against the exploit by blocking win32k.sys system calls, which prevents the flaw being used to escape the sandbox.

Mehta and Leonard also reported a zero-day vulnerability to Adobe at the same time as they contacted Microsoft. Adobe issued an emergency patch for the CVE-2016-7855 on October 27 (Australian time).

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

CBA using facial recognition logins to verify disputed payments

CBA using facial recognition logins to verify disputed payments

Qantas contacted by "potential cyber criminal"

Qantas contacted by "potential cyber criminal"

SA Power Networks tackles IAM, cloud security under five-year strategy

SA Power Networks tackles IAM, cloud security under five-year strategy

Top US diplomat impersonated with AI by unknown actor

Top US diplomat impersonated with AI by unknown actor

Log In

  |  Forgot your password?