top of page

Google Says Upgrade To Windows 10 After Critical Flaws Found In Chrome And Windows 7

  • Writer: Admin
    Admin
  • Mar 12, 2019
  • 2 min read

By Forbes Editors' Picks, www.forbes.com Davey Winder Forbes Contributor


Earlier this week Google released an update for the Chrome web browser that it urged users to ensure was implemented immediately. That was because the Threat Analysis Group at Google had uncovered a critical zero-day vulnerability that was already being exploited in the wild. Now a Google security engineer, Clement Lecigne, has warned that another zero-day vulnerability that is also being exploited, impacting Windows 7 users, was being used together with the Chrome exploit to take over Windows systems. Google is now urging all Windows 7 users to upgrade to Windows 10, as well as make sure their Chrome browser is up to date, to escape the attention of the combined threat.


The Windows zero-day is a local privilege escalation in the win32k.sys kernel driver that allows it to escape the security sandbox. The vulnerability can be used to elevate system privileges by an attacker who might then be able to execute remote malicious code. "The vulnerability is a NULL pointer dereference in win32k!MNGetpItemFromIndex when NtUserMNDragOver() system call is called under specific circumstances" Clement Lecigne said, adding "we strongly believe this vulnerability may only be exploitable on Windows 7 due to recent exploit mitigations added in newer versions of Windows. To date, we have only observed active exploitation against Windows 7 32-bit systems."


The Google Threat Analysis Group disclosed the zero-day to Microsoft who have said they are working on a fix but, as of yet, there is no indication of how long this might take. Currently the status of this vulnerability has to remain as a critical and unpatched one. For this reason, Google is advising users of Windows 7 should upgrade to Windows 10 and apply patches from Microsoft as soon as they become available. "Not all vulnerabilities are created equal, and many if considered on their own are not cause for undue concern" says Jim O'Gorman, president of Offensive Security, who continues "if they were flagged by the organization's security solution, they likely would not have been prioritized in patching. It's when a group of seemingly minor flaws are chained together that they can be used to devastating effect."


You can follow me on Twitter, connect with me on LinkedIn and find more of my stories at happygeek.com


9 Comments


Sad Hindi Shayari is like a mirror to the soul. It reflects emotions we often fail to express. The pain, the longing, the quiet tears—all wrapped in rhythmic lines that stay with you forever. I admire how each couplet holds such deep meaning. Whether it’s heartbreak or silent suffering, Hindi shayari sad captures it all beautifully. It's not just poetry; it's an experience. Every time I read it, I feel seen and understood. Hats off to the creators of such powerful expressions.

Like

Bhoot ki kahaniya truly have a charm of their own! The suspense, eerie silence, and sudden twists make them so thrilling. Every time I read or hear one, I get goosebumps. It’s fascinating how these stories can be both spine-chilling and entertaining at the same time. Perfect for a night with friends or a solo read under dim lights. The way emotions, fear, and the unknown are woven together is just brilliant!

Like

Win info
Win info
May 30

Honestly, this betting site blew me away with its user-friendly design and incredible variety of betting markets. It’s easy to sign up, deposit, and start playing within minutes. I’ve had zero problems with payouts, and the odds are very competitive across all sports. The mobile experience is flawless, which means I can place bets and follow games from anywhere. They also have some of the best customer service I’ve encountered on a gaming site. It’s been a five-star experience from start to finish! Jalwa Game || Ok win Games || Tashan Win App || Ultra Win || 91 club app || Daman Games App || DiuWin App Download || Daman Game || Tiranga Games || Daman Game || Tiranga Game ||

Like

WebAsha Technologies delivers the Best Ethical Hacking Course in Pune, tailored to meet the demands of today’s cybersecurity landscape. This course covers everything from fundamental security concepts to advanced ethical hacking techniques, preparing students for real-world scenarios and certifications like CEH.


Like

designermusi
Feb 21, 2023

I think this is an informative post and it is very useful and knowledgeable. therefore, I would like to thank you for the efforts you have made in writing this article. Poker Face Charlie Cale Chicago Buildings T-Shirt

Like
bottom of page