Google Says Upgrade To Windows 10 After Critical Flaws Found In Chrome And Windows 7
- Admin
- Mar 12, 2019
- 2 min read
By Forbes Editors' Picks, www.forbes.com Davey Winder Forbes Contributor
Earlier this week Google released an update for the Chrome web browser that it urged users to ensure was implemented immediately. That was because the Threat Analysis Group at Google had uncovered a critical zero-day vulnerability that was already being exploited in the wild. Now a Google security engineer, Clement Lecigne, has warned that another zero-day vulnerability that is also being exploited, impacting Windows 7 users, was being used together with the Chrome exploit to take over Windows systems. Google is now urging all Windows 7 users to upgrade to Windows 10, as well as make sure their Chrome browser is up to date, to escape the attention of the combined threat.
The Windows zero-day is a local privilege escalation in the win32k.sys kernel driver that allows it to escape the security sandbox. The vulnerability can be used to elevate system privileges by an attacker who might then be able to execute remote malicious code. "The vulnerability is a NULL pointer dereference in win32k!MNGetpItemFromIndex when NtUserMNDragOver() system call is called under specific circumstances" Clement Lecigne said, adding "we strongly believe this vulnerability may only be exploitable on Windows 7 due to recent exploit mitigations added in newer versions of Windows. To date, we have only observed active exploitation against Windows 7 32-bit systems."
The Google Threat Analysis Group disclosed the zero-day to Microsoft who have said they are working on a fix but, as of yet, there is no indication of how long this might take. Currently the status of this vulnerability has to remain as a critical and unpatched one. For this reason, Google is advising users of Windows 7 should upgrade to Windows 10 and apply patches from Microsoft as soon as they become available. "Not all vulnerabilities are created equal, and many if considered on their own are not cause for undue concern" says Jim O'Gorman, president of Offensive Security, who continues "if they were flagged by the organization's security solution, they likely would not have been prioritized in patching. It's when a group of seemingly minor flaws are chained together that they can be used to devastating effect."
You can follow me on Twitter, connect with me on LinkedIn and find more of my stories at happygeek.com
The welcome post for Integrity Tech Times feels like a strong introduction to a tech-focused space where updates and ideas can be shared clearly. It reminded me of when I had to write a short tech summary in class and felt stuck with structuring it properly. I once used assignment writing service when I needed help organizing my thoughts into a clearer format. It makes me think good communication is key in tech because it helps complex ideas feel simple and useful.
hi
Security upgrades are annoying but necessary. As a PhD student who works part-time at Last-Minute Assignments, I ignored Windows 7 warnings until my laptop froze. I was so stubborn that I'd look for affordable computer science Assignment Help just to fix the damage. Your post is a public service announcement. Thank you for that. Update now, cry later. Grateful for the heads-up. Keep us safe. Seriously, my files thank you. My peace of mind thanks you more. Here's to patching flaws before they find us. Cheers.
This blog post was both informative and engaging. The breakdown of the topic made complex points easier to grasp. I appreciate how Debunked Daily takes time to verify information before publishing it. Reliable platforms like this are rare and highly valuable. Keep delivering meaningful content that promotes truth and awareness.
We express our appreciation for Seekho Kamao Yojana and Bandhkam Kamgar Yojana. These initiatives help youth gain hands-on experience and provide essential benefits to construction workers. They reduce unemployment and offer stability through structured support. Thank you for launching programs that encourage earning through learning and safeguard the well-being of hardworking labor communities.