Google disclosing an unpatched 0-day vulnerability in Windows is not really new; they have been doing it since last year. Microsoft has even criticized this behavior for putting millions of Windows users at risk.
Today, Google published (http://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html) a new 0-day vulnerability in Windows which is still unpatched. Google reported it to Microsoft on Friday, October 21st, and as per their 7-day policy, they have disclosed it today. I think their policy for actively exploited critical vulnerabilities (http://security.googleblog.com/2013/05/disclosure-timeline-for-vulnerabilities.html) is not good for either the software makers or end users.
Even after knowing that this vulnerability is particularly serious and is being actively exploited, they want to publicize it. I don’t understand how a software company can fix a security bug in software that has millions of lines of code and runs on hundreds of millions of machines of different configurations within 7 days.
The Windows vulnerability is a local privilege escalation in the Windows kernel that can be used as a security sandbox escape. It can be triggered via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD. Chrome’s sandbox blocks win32k.sys system calls using the Win32k lockdown (http://docs.google.com/document/d/1gJDlk-9xkh6_8M_awrczWCaUuyr0Zd2TKjNBCiPO_G4/edit) mitigation on Windows 10, which prevents exploitation of this sandbox escape vulnerability.
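The Win32k lockdown mentioned above is an ordinary process mitigation policy, so a defender can check whether it is enforced for a given image and turn it on where it is not. The following PowerShell is an added example, not code from the original post or from Google; it assumes Windows 10 1709 or later (where Get-ProcessMitigation and Set-ProcessMitigation exist), a hypothetical image name of chrome.exe, and that you first run in audit mode to confirm the application does not rely on win32k.sys calls.

```powershell
# Added example (not from the original post). Requires Windows 10 1709+ and an
# elevated prompt; the image name is a constructed sample.
function Test-Win32kLockdown {
    param([Parameter(Mandatory)][string]$ImageName)
    $m = Get-ProcessMitigation -Name $ImageName
    # Reported as ON, OFF or NOTSET; only ON blocks win32k.sys system calls
    # such as NtSetWindowLongPtr() from that process.
    [pscustomobject]@{
        Image          = $ImageName
        Win32kLockdown = $m.SystemCallDisable.DisableWin32kSystemCalls
    }
}

function Enable-Win32kLockdown {
    param(
        [Parameter(Mandatory)][string]$ImageName,
        [switch]$AuditOnly   # log would-be blocks instead of enforcing
    )
    if ($AuditOnly) {
        # Audit events land in Applications and Services Logs >
        # Microsoft > Windows > Security-Mitigations; review them before enforcing.
        Set-ProcessMitigation -Name $ImageName -Enable AuditSystemCall
    } else {
        Set-ProcessMitigation -Name $ImageName -Enable DisableWin32kSystemCalls
    }
    Test-Win32kLockdown -ImageName $ImageName
}

# Usage (constructed): audit first, check, then enforce.
Enable-Win32kLockdown -ImageName 'chrome.exe' -AuditOnly
Test-Win32kLockdown   -ImageName 'chrome.exe'
# Enable-Win32kLockdown -ImageName 'chrome.exe'
```

Note that any process which itself creates or manipulates windows (GUI applications, not just a renderer) will break under enforcement, which is why Chrome applies this policy only to its sandboxed renderers.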
Hopefully, Microsoft will release a fix for this vulnerability via Windows Update soon.
Source: mspoweruser