Google discloses zero-day Vulnerability in Windows kernel

Google has disclosed a zero-day vulnerability in the Windows kernel that is currently being exploited in the wild by attackers. The disclosure came after Microsoft failed to release a patch within Google's 7-day deadline for actively exploited bugs. A reliable vulnerability management tool can help prevent such issues.

CVE-2016-7855 is a local privilege escalation vulnerability in the Windows kernel that can be used as a security sandbox escape. A vulnerability management system can help resolve such issues.

“[The vulnerability] can be triggered via win32k.sys system calls NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD. Chrome’s sandbox blocks win32k.sys system calls using the win32k lockdown mitigation on Windows 10, which prevents exploitation of this sandbox escape vulnerability,” Google wrote in a blog post by Neel Mehta and Billy Leonard on Oct 31, 2016.

Blog Post Notes on Windows Kernel Exploits:

The blog post also notes that Google reported a zero-day flaw (CVE-2016-7855) in Flash Player to Adobe at the same time as it contacted Microsoft; Adobe, however, released an emergency patch for its software.

The Flash Player bug was also being exploited against a wide range of organizations in targeted attacks. According to Adobe, the flaw affected Windows 7, 8.1, Server 2012, Server 2012 R2 and 10 systems.

In response to Google's blog post on the Windows kernel exploit, Microsoft said Google's disclosure has potentially placed customers at risk, adding that the company believes in coordinated vulnerability disclosure. Microsoft also said that all supported Windows platforms are vulnerable to this attack and recommended that users run Windows 10 and Microsoft Edge for the best protection from this vulnerability. Microsoft is working on an update and has promised to release it on the coming Patch Tuesday (i.e. Nov 8, 2016).

The search giant claims that it can protect Windows 10 users with its new update for Google Chrome, which rolled out on Nov 1, 2016. The blog said: “The Windows vulnerability is a local privilege escalation in the Windows kernel that can be used as a security sandbox escape. It can be triggered via win32k.sys system calls NtSetWindowLongPtr() for the index GWLP_ID on a Window handle with GWL_STYLE set to WS_CHILD. Chrome’s sandbox blocks win32k.sys system calls using the win32k lockdown mitigation on Windows 10, which prevents exploitation of this sandbox escape vulnerability.”
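Both Google quotes above rest on one mitigation: Chrome's sandboxed renderer processes are started with the Win32k lockdown policy, so the win32k.sys system calls needed to reach the vulnerable code are refused before they enter the kernel. The following PowerShell script is an added example, not code from this post or from Google or Microsoft, that lets an administrator verify the mitigation is actually in effect on running Chrome processes. It calls the documented kernel32 API GetProcessMitigationPolicy with the ProcessSystemCallDisablePolicy class (enum value 4) and reads the DisallowWin32kSystemCalls bit; the API exists on Windows 8 / Server 2012 and later. The process name "chrome" and the function names Get-Win32kLockdownState and Get-ChromeProcessType are assumptions made for this example.

```powershell
# Added example (not from the SecPod post or from Google/Microsoft).
# Audits running Chrome processes for the Win32k lockdown mitigation by
# querying ProcessSystemCallDisablePolicy through GetProcessMitigationPolicy.
# Requires Windows 8 / Server 2012 or later. The process name "chrome" and
# the function names below are assumptions made for this example.

Add-Type -Namespace Win32 -Name Mitigation -MemberDefinition @"
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool GetProcessMitigationPolicy(
    IntPtr hProcess, int MitigationPolicy, ref uint lpBuffer, IntPtr dwLength);
"@

# Value of ProcessSystemCallDisablePolicy in the PROCESS_MITIGATION_POLICY enum.
$ProcessSystemCallDisablePolicy = 4

function Get-Win32kLockdownState {
    param([Parameter(Mandatory)][System.Diagnostics.Process]$Process)

    # Opening a handle can fail for protected or higher-integrity processes.
    try { $handle = $Process.Handle } catch { return 'AccessDenied' }

    # PROCESS_MITIGATION_SYSTEM_CALL_DISABLE_POLICY is a DWORD bit field;
    # bit 0 is DisallowWin32kSystemCalls.
    $policy = [uint32]0
    $ok = [Win32.Mitigation]::GetProcessMitigationPolicy(
        $handle, $ProcessSystemCallDisablePolicy, [ref]$policy, [IntPtr]4)
    if (-not $ok) { return 'QueryFailed' }
    if ($policy -band 1) { 'Enabled' } else { 'Disabled' }
}

function Get-ChromeProcessType {
    param([Parameter(Mandatory)][int]$ProcessId)
    # Chrome marks its sandboxed children with --type=<kind> on the command
    # line; the browser process itself carries no --type switch.
    $cmd = (Get-CimInstance Win32_Process -Filter "ProcessId = $ProcessId").CommandLine
    if ($cmd -match '--type=(\S+)') { $Matches[1] } else { 'browser' }
}

# One row per Chrome process: which role it plays and whether the lockdown is on.
Get-Process -Name chrome -ErrorAction SilentlyContinue | ForEach-Object {
    [pscustomobject]@{
        Pid            = $_.Id
        Type           = Get-ChromeProcessType -ProcessId $_.Id
        Win32kLockdown = Get-Win32kLockdownState -Process $_
    }
} | Format-Table -AutoSize
```

On Windows 10, the renderer rows showing Enabled is what the quoted statement implies; the browser process itself is expected to show Disabled because it draws the user interface and needs win32k. A renderer row showing Disabled on Windows 10 means that process would not be protected by this mitigation and is worth investigating, for instance an outdated Chrome build or a policy that turns the lockdown off.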

We recommend all Windows users install the latest Google Chrome and Adobe Flash Player patches to have the best protection from this vulnerability.

SecPod Saner detects these vulnerabilities and automatically fixes them by applying important and critical security updates. Download Saner now to keep your systems updated and secure.