Advertisement

Windows 7 Users At Big Risk From ‘Serious Bug’ warns Google

Windows 7 Users At Big Risk From ‘Serious Bug’ warns Google

Google has warned users of a few serious zero-day vulnerabilities that affects both Windows and Google Chrome users. Please read on...

Google said it has already rushed out a patch for the flaw affecting Google Chrome, but it warned that Windows 7 users remain vulnerable as Microsoft has yet to fix the bug.

To make matters worse, Google warned that criminals are “actively exploiting” the flaws and it urged people to apply the Chrome fix as soon as possible.

Advertisement
Daily Steals Up to 95% Off!

Windows issue

Google explained in a blog posting that it had issued its Chrome update at the start of the month.

“This update was pushed through Chrome auto-update,” wrote Clement Lecigne of Google’s Threat Analysis Group. “We encourage users to verify that Chrome auto-update has already updated Chrome to 72.0.3626.121 or later.”

“The second vulnerability was in Microsoft Windows,” wrote Lecigne. “It is a local privilege escalation in the Windows win32k.sys kernel driver that can be used as a security sandbox escape.”

Essentially the flaw is located deep within the OS and affects a function that should stop data from one program interacting with something outside that application.

“We strongly believe this vulnerability may only be exploitable on Windows 7 due to recent exploit mitigations added in newer versions of Windows,” Lecigne added. “To date, we have only observed active exploitation against Windows 7 32-bit systems.”

“Pursuant to Google’s vulnerability disclosure policy, when we discovered the vulnerability we reported it to Microsoft,” Lecigne wrote.

“Today, also in compliance with our policy, we are publicly disclosing its existence, because it is a serious vulnerability in Windows that we know was being actively exploited in targeted attacks. The unpatched Windows vulnerability can still be used to elevate privileges or combined with another browser vulnerability to evade security sandboxes.”

Advertisement

Google said that Microsoft had informed them that it is working on a fix.

Lecigne also advised Windows 7 users to upgrade to Windows 10 to avoid the flaw.

One way to avoid falling victim was to upgrade to Windows 10, said Mr Lecigne.

Legacy OS

The flaw is a stark reminder of the risk posed by the continued use of legacy operating systems.

Windows 7 was released back in 2009, and there are still millions of PC still running the OS, in both corporate and personal environments.

google dark
Also see: Google Trending Cyber Attack Recent NewsGoogle Trending Cyber Attack Recent News

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.

back to top

Top Cyber News

Nearly all Europes operators to offer 5G services to sport events’ organisers

Nearly all Europes operators to offer 5G services to sport events’ organisers

13 March, 2019

The study is based on a survey of C-level and other senior decision makers from 60 of the world’s 100 largest operator...

Just under half of A.I. start-ups in Europe have almost nothing to do with A.I., research finds

Just under half of A.I. start-ups in Europe have almost nothing to do with A.I., research finds

05 March, 2019

Nearly half of the companies in Europe that call themselves AI start-ups don't in fact use artificial intelligence, a ne...

Cracking Down on Botnets

Cracking Down on Botnets

15 April, 2019

Although there is no silver bullet solution for mitigating the risk of botnets, there are a number of helpful best pract...

Apple Speaks About Recycling iPhones Via Robot

Apple Speaks About Recycling iPhones Via Robot

19 April, 2019

Apple has spoken about its effort to become even more environmentally friendly, by offering an insight into its normally...

Cryptominers Still Top Threat but Coinhive's Shutdown Could Change That

Cryptominers Still Top Threat but Coinhive's Shutdown Could Change That

12 March, 2019

Coinhive has remained on top of Check Point Software's global threat index for the last 15 months. ...

Telia tracks network data for smarter cities in northern Europe

Telia tracks network data for smarter cities in northern Europe

28 March, 2019

It uses aggregated, anonymised phone data to monitor crowd patterns.

Categories

External Links

About Us

Follow Us