Google this week revealed a Windows zero-day that is being actively exploited in targeted attacks alongside a recently fixed Chrome flaw.
The Windows zero-day vulnerability is a local privilege escalation issue in the win32k.sys kernel driver and it can be exploited for security sandbox escape.
“It is a local privilege escalation in the Windows win32k.sys kernel driver that can be used as a security sandbox escape.” reads the post published by Google.
“The vulnerability is a NULL pointer dereference in win32k!MNGetpItemFromIndex when NtUserMNDragOver() system call is called under specific circumstances,”
Experts argue the Windows zero-day could be exploited only on Windows 7 due to recent exploit mitigations added in newer versions of Microsoft OS. To date, experts only observed active exploitation against Windows 7 32-bit systems.
This time, Google decided immediately disclose the issue because the Windows zero-day is being actively exploited in targeted attacks.
The tech giant reported the bug to Microsoft last week and a patch isn’t available yet.
“Pursuant to Google’s vulnerability disclosure policy, when we discovered the vulnerability we reported it to Microsoft. Today, also in compliance with our policy, we are publicly disclosing its existence, because it is a serious vulnerability in Windows that we know was being actively exploited in targeted attacks.” continues the post.
“The unpatched Windows vulnerability can still be used to elevate privileges or combined with another browser vulnerability to evade security sandboxes. Microsoft have told us they are working on a fix,”
At the time, the only way to mitigate the flaw is to upgrade their systems to Windows 10, of course, the experts recommend to apply patches as soon as they become available.
According to Google, targeted attacks involving the Windows zero-day also exploited the Chrome vulnerability recently fixes by Google.
Google addressed the issue by rolling out a stable Chrome update 72.0.3626.121 for Windows, Mac, and Linux operating systems.
To read the original article: