Jump to content

Google Reveals Windows Kernel Zero Day Under Attack

RV_

By RV_
in Computers and Software

Recommended Posts

RV_ Grand Master

RV_

Posted
Posted

This one is being exploited as you read this folks. Google went ahead and published it publicly before Microsoft has issued a patch and this is not the first time Google has done this. They did this once before with Microsoft and once publishing serious Apple vulnerabilities. In bot of those instances the vulnerabilities were not under attack so the end users were In both of those cases they left the ends users exposed but they were not actively being exploited at the time of Google's ill timed releases.

 

This one is under attack. Not cool Google.

 

The good news for many here is that if you are using Google Chrome, it completely mitigates the risk. It prevents the vulnerability from being exploited. Funny how they released this before Microsoft was ready and their browser mitigates it.

 

215yc2_2.gif

 

Excerpt:

 

"A Windows zero-day vulnerability is being used in an unknown number of attacks, Google disclosed today, 10 days after it privately reported the issue to Microsoft.

 

Google’s disclosure follows its internal policy, which states that companies should fix or publicly report flaws that are under attack after seven days.

 

Microsoft has yet to issue an advisory—or patch—for the flaw, which Google says is a local privilege escalation vulnerability in the Windows kernel. The vulnerability can be used to escape the sandbox and execute code on the compromised machine. Microsoft said Google’s disclosure puts customers at risk.

 

“We believe in coordinated vulnerability disclosure, and today’s disclosure by Google puts customers at potential risk. Windows is the only platform with a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible,” a Microsoft spokesperson told Threatpost. “We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection.”

 

A request for additional comment from Google was not answered in time for publication.

 

Google said the vulnerability is mitigated in the Chrome browser.

 

“Chrome’s sandbox blocks win32k.sys system calls using the Win32k lockdown mitigation on Windows 10, which prevents exploitation of this sandbox escape vulnerability,” Google said."

 

The whole article is here: https://threatpost.com/google-reveals-windows-kernel-zero-day-under-attack/121689/

RV/Derek
http://www.rvroadie.com Email on the bottom of my website page.
Retired AF 1971-1998


When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius

 

“Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
RVers Online University

mywaggle.com

campgroundviews.com

RV Destinations

Find out more or sign up for Escapees RV'ers Bootcamp.

Advertise your product or service here.

RVTravel.com Logo



×
×
  • Create New...