Google Recommends Upgrading to Windows 10 After Discovering Windows Zero-Day Bug

The last few years saw Microsoft telling Google how its browser was sub-par and Google showing Microsoft how its products were full of security flaws. Merely since Microsoft waved the white flag and has even announced using Google's open up-source Chromium engine for its Border browser, the two tech titans appear to be getting along quite nicely.

Google recently discovered a nothing-day security vulnerability in Windows operating arrangement, which is being actively exploited in the wild. As a mitigation, the company is advising users to "consider upgrading to Windows 10 if they are all the same running an older version of Windows." Last night, Microsoft announced that its latest operating organisation is now powering over 800 million active devices.

The security problems is being actively exploited in the wild; Google Chrome restart is recommended

Attackers have been using a local privilege escalation exploit in Windows in combination with a security flaw in Chrome. Google issued a fix to its browser making certain that everyone who is running the latest version of Chrome isn't afflicted by this security issue.

However, the Pixel maker said that the Windows exploit could all the same be used against people who are running older versions of Windows every bit it "strongly" believes "this vulnerability may just be exploitable on Windows 7."

The security flaw helps attackers to suspension out of browser sandboxes, which ensure that untrusted code cannot collaborate with sensitive parts of the operating organization. Google informed Microsoft well-nigh these bugs and the company is reportedly working on a fix.

It is a local privilege escalation in the Windows win32k.sys kernel driver that tin can exist used every bit a security sandbox escape. The vulnerability is a Zippo pointer dereference in win32k!MNGetpItemFromIndex when NtUserMNDragOver() system call is called under specific circumstances.

"Pursuant to Google's vulnerability disclosure policy, when we discovered the vulnerability nosotros reported it to Microsoft," Clement Lecigne of Google'due south Threat Analysis Group wrote. "Today, as well in compliance with our policy, we are publicly disclosing its existence, because it is a serious vulnerability in Windows that we know was being actively exploited in targeted attacks. The unpatched Windows vulnerability tin can nevertheless be used to drag privileges or combined with some other browser vulnerability to evade security sandboxes."

Even for Chrome users, in many cases a restart of the browser is needed to protect against this in-the-wild security problems.

This newest exploit is different, in that initial concatenation targeted Chrome code straight, and thus required the user to have restarted the browser later on the update was downloaded. For almost users the update download is automatic, just restart is a unremarkably a transmission action. [3/3]

— Justin Schuh ? (@justinschuh) March 7, 2019

Windows 7 fans who proceed to utilise the operating system will shortly be left without whatsoever security patches as the Os is reaching end of back up deadline in coming January. Microsoft has detailed an improver support plan for enterprises, which will go on auction in April.

- We will update this space when Microsoft delivers a patch.

Are you even so on Windows seven?