MULTIZ321
TUG Member
- Joined
- Jun 6, 2005
- Messages
- 31,344
- Reaction score
- 9,012
- Points
- 1,048
- Location
- FT. LAUDERDALE, FL
- Resorts Owned
-
BLUEWATER BY SPINNAKER HHI
ROYAL HOLIDAY CLUB RHC (POINTS)
Google Says to Upgrade to Windows 10 After Critical Flaws Found in Chrome and Windows 7
By Davey Winder/ Cybersecurity/ Forbes/ forbes.com
"Earlier this week Google released an update for the Chrome web browser that it urged users to ensure was implemented immediately. That was because the Threat Analysis Group at Google had uncovered a critical zero-day vulnerability that was already being exploited in the wild. Now a Google security engineer, Clement Lecigne, has warned that another zero-day vulnerability that is also being exploited, impacting Windows 7 users, was being used together with the Chrome exploit to take over Windows systems. Google is now urging all Windows 7 users to upgrade to Windows 10, as well as make sure their Chrome browser is up to date, to escape the attention of the combined threat.
The Windows zero-day is a local privilege escalation in the win32k.sys kernel driver that allows it to escape the security sandbox. The vulnerability can be used to elevate system privileges by an attacker who might then be able to execute remote malicious code. "The vulnerability is a NULL pointer dereference in win32k!MNGetpItemFromIndex when NtUserMNDragOver() system call is called under specific circumstances" Clement Lecigne said, adding "we strongly believe this vulnerability may only be exploitable on Windows 7 due to recent exploit mitigations added in newer versions of Windows. To date, we have only observed active exploitation against Windows 7 32-bit systems."....."
Getty
Richard
By Davey Winder/ Cybersecurity/ Forbes/ forbes.com
"Earlier this week Google released an update for the Chrome web browser that it urged users to ensure was implemented immediately. That was because the Threat Analysis Group at Google had uncovered a critical zero-day vulnerability that was already being exploited in the wild. Now a Google security engineer, Clement Lecigne, has warned that another zero-day vulnerability that is also being exploited, impacting Windows 7 users, was being used together with the Chrome exploit to take over Windows systems. Google is now urging all Windows 7 users to upgrade to Windows 10, as well as make sure their Chrome browser is up to date, to escape the attention of the combined threat.
The Windows zero-day is a local privilege escalation in the win32k.sys kernel driver that allows it to escape the security sandbox. The vulnerability can be used to elevate system privileges by an attacker who might then be able to execute remote malicious code. "The vulnerability is a NULL pointer dereference in win32k!MNGetpItemFromIndex when NtUserMNDragOver() system call is called under specific circumstances" Clement Lecigne said, adding "we strongly believe this vulnerability may only be exploitable on Windows 7 due to recent exploit mitigations added in newer versions of Windows. To date, we have only observed active exploitation against Windows 7 32-bit systems."....."
Getty
Richard