TECHBYTE: Google has disclosed a critical vulnerability in windows that affects Windows kernel. The windows bug has been reported to Tech giant about 10 days ago but it hasn't fix by Microsoft yet. After waiting the days after reporting Google has finally told people of that bug in windows .
Search engine giant Google has posted critical vulnerability in the Windows kernel, an integral part of the operating system. The bug is Windows Kernel can be used to escape security sandbox. Google warns Windows about that vulnerability on October 21, but Windows hasn't fix that issue yet.
In the technical term the bug vulnerability as fallows
"The Windows vulnerability is a local privilege escalation in the
Windows kernel that can be used as a security sandbox escape. It can be
triggered via the win32k.sys system call NtSetWindowLongPtr() for the
index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD.
Chrome's sandbox blocks win32k.sys system calls using the Win32k lockdown mitigation on Windows 10, which prevents exploitation of this sandbox escape vulnerability."
Sandbox is a computer security term used to refer to the limits placed
on users of applications and processes. Thus, a sandbox escape refers to
breaking out of the virtual system and infiltrating others. Google's
Chrome browser actively blocks the "escape" on Windows 10, but those
using other browsers and other versions of Windows remain susceptible to
an attack.
"This vulnerability is particularly serious because we know it is being actively exploited," Google said in a blog post on Monday.
This is not the first time Google has reported on bugs in Microsoft's operating system. Google has also reported Adobe about the Flash vulnerability CVE-2016-7855 on October 21 and the same has been patched. To fix that users need to simply update the Adobe Flash on their and it will also be available via Chrome auto-update.
If you have something to tell please comment below.
0 comments:
Post a Comment