Windows 10 News and info | Forum
Topic: Google Advises Upgrade to Windows 10 to Fix Windows 7 Zero-Day Bug
Author: javajolt
« on: March 08, 2019, 11:18:13 AM »

Google recommends that users of Windows 7 give it up and move to Microsoft’s latest operating system if they want to keep systems safe from a zero-day vulnerability exploited in the wild.

The security bug affects the Windows win32k.sys kernel driver and leads to privilege escalation on Windows 7.

Google saw the Windows vulnerability in targeted attacks, chained with a zero-day vulnerability (CVE-2019-5786) in the Chrome browser that received a patch on March 1 with the release of version 72.0.3626.121.

Upgrade to Windows 10, Google says

The kernel driver vulnerability could also serve for sandbox escaping when chained with other browser security faults, so Windows users could still be impacted even if they correctly applied the most recent update for Google Chrome.

Exploitation of the vulnerability in the wild targeted Windows 7 systems. Google believes that this is the only version of the OS where it works because the exploit mitigations Microsoft introduced in the newer versions of the OS, Windows 10 in particular, would prevent it.

If you still run an older version of Windows, the recommendation is to upgrade to Windows 10 and keep it updated with the newest patches.

“The vulnerability is a NULL pointer dereference in win32k!MNGetpItemFromIndex when NtUserMNDragOver() system call is called under specific circumstances,” writes Clement Lecigne, member of Google’s Threat Analysis Group.

Microsoft says they are working on a fix, but until they release it, users of Windows 7 are exposed.

Update Chrome the right way

Although the auto-update feature in Chrome installs the new code, it does not mean that the effects are also enforced.

Justin Schuh, engineering director on Google Chrome for desktop, explains that in the case of plugin components, Chrome can renew them separately and that would be all.

But when the browser code needs to be refreshed, the change takes effect after a restart, done manually in most cases.



What this means is that if your Google Chrome version is as seen in the image above, it is not enough to benefit from the latest fix. You also have to restart it.
