Windows Zero Day in Play

Wednesday, November 2, 2016 @ 10:11 AM gHale


There is a Windows Zero Day under active exploitation, said researchers at Google.

The vulnerability (CVE-2016-7855) is a local privilege escalation in the Windows kernel that can be used as a security sandbox escape. It is triggered “via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD,” said Neel Mehta and Billy Leonard of the Google Threat Analysis Group.


The researchers reported the vulnerability to Microsoft and Adobe on October 21, since it also affected Flash Player.

Adobe has already released an update containing the patch; Microsoft has not.

“Adobe is aware of a report that an exploit for CVE-2016-7855 exists in the wild, and is being used in limited, targeted attacks against users running Windows versions 7, 8.1 and 10,” Adobe said in the security bulletin.

Google made the flaw public before Microsoft had the chance to fix it because it is a critical vulnerability that could lead to system compromise and is under active exploitation.

The researchers have advised users to update Flash and to apply the Microsoft patch as soon as it is made available.

In the meantime, Windows 10 users can use Google Chrome to protect themselves against possible attacks leveraging the flaw.

“Chrome’s sandbox blocks win32k.sys system calls using the Win32k lockdown mitigation on Windows 10, which prevents exploitation of this sandbox escape vulnerability,” Mehta and Leonard said in a blog post.
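The mitigation Chrome relies on is the same per-process Win32k system-call lockdown that Windows exposes to any administrator. The following PowerShell is added here as an illustration; it is not code from the article, from Google or from Chrome. It uses the ProcessMitigations cmdlets that ship with Windows 10 version 1709 and later, run from an elevated session, to inspect and set that lockdown for a named executable. The function name, the executable name and the SystemCall property layout of the Get-ProcessMitigation output are assumptions.

```powershell
# Added example (not from the article): audit, then optionally enforce, the
# Win32k system-call lockdown for one executable via the ProcessMitigations
# cmdlets (Windows 10 1709+, elevated session required).
function Set-Win32kLockdown {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Exe,       # image name, e.g. 'renderer.exe' (placeholder)
        [switch]$Enforce    # without this switch only audit mode is enabled
    )

    # Current state of the SystemCall policy section for this image
    # (property name assumed from Get-ProcessMitigation's output layout).
    $before = Get-ProcessMitigation -Name $Exe
    Write-Host "SystemCall policy before change for $Exe"
    $before.SystemCall | Format-List

    if ($Enforce) {
        # Enforce: every win32k.sys system call from the process is rejected,
        # so kernel bugs reachable only through win32k (such as the one in
        # NtSetWindowLongPtr described in the article) cannot be triggered.
        # Only suitable for processes that do no GUI work of their own;
        # a normal desktop application will stop working.
        Set-ProcessMitigation -Name $Exe -Enable DisableWin32kSystemCalls
    } else {
        # Audit: calls are allowed but logged, which shows whether the
        # process actually needs win32k before you block it.
        Set-ProcessMitigation -Name $Exe -Enable AuditSystemCall
    }

    $after = Get-ProcessMitigation -Name $Exe
    Write-Host "SystemCall policy after change for $Exe"
    $after.SystemCall | Format-List
}

# Usage (placeholder image name): audit first, enforce once the audit is clean.
Set-Win32kLockdown -Exe 'renderer.exe'
# Set-Win32kLockdown -Exe 'renderer.exe' -Enforce
```

Run the audit step first and watch the Security-Mitigations event logs for blocked-call audit events; only an image that generates none is a candidate for enforcement. This is why Chrome applies the lockdown to its sandboxed renderer processes rather than to the browser process, which still needs win32k to draw its windows.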
