Google’s Threat Analysis Group has publicly disclosed a critical vulnerability in Windows in a blog post. The bug, a flaw in the win32k component of the kernel, allows attackers to escape from security sandboxes, which is what makes it critical, and Google reports that it is being actively exploited. While Google has already taken measures to protect Chrome users, Windows itself remains unpatched, and now we all know about it!
“After 7 days, per our published policy for actively exploited critical vulnerabilities, we are today disclosing the existence of a remaining critical vulnerability in Windows for which no advisory or fix has yet been released. This vulnerability is particularly serious because we know it is being actively exploited,” Google wrote in its blog post.
Although the blog post does not provide exhaustive details, it gives users enough to understand what a possible attack looks like without making it easy for anyone to replicate.
“The Windows vulnerability is a local privilege escalation in the Windows kernel that can be used as a security sandbox escape. It can be triggered via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD. Chrome's sandbox blocks win32k.sys system calls using the Win32k lockdown mitigation on Windows 10, which prevents exploitation of this sandbox escape vulnerability,” said Google.
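As an added example that is not part of Google’s post, the same Win32k lockdown that the Chrome sandbox applies to its renderer processes can be enforced for any executable that does no GUI work through Windows Exploit Protection. It assumes Windows 10 version 1709 or later (where the ProcessMitigations cmdlets exist), an elevated PowerShell session, and a hypothetical target binary named worker.exe.

```powershell
# Added example: enforce the Win32k system-call lockdown for one executable
# and verify that it took effect. Requires an elevated session on Windows 10 1709+.
# 'worker.exe' is a hypothetical name. Apply this only to processes that do no
# GUI work: every user32/gdi32 call in a locked-down process fails.

param([string]$ExeName = 'worker.exe')

function Get-Win32kLockdownState {
    param([string]$Name)
    $policy = Get-ProcessMitigation -Name $Name
    # SystemCall.DisableWin32kSystemCalls reports ON, OFF or NOTSET
    return $policy.SystemCall.DisableWin32kSystemCalls
}

Write-Host "Before: $ExeName Win32k lockdown = $(Get-Win32kLockdownState $ExeName)"

# Opt the executable into the mitigation. The setting persists in the
# system policy store and applies to every new instance of the image.
Set-ProcessMitigation -Name $ExeName -Enable DisableWin32kSystemCalls

$after = Get-Win32kLockdownState $ExeName
Write-Host "After:  $ExeName Win32k lockdown = $after"
if ($after -ne 'ON') {
    throw "Win32k lockdown was not applied to $ExeName"
}
```

Once the policy is ON, a new instance of the image cannot reach win32k.sys system calls such as NtSetWindowLongPtr() at all, which is the mitigation Google credits with blocking this escape in Chrome on Windows 10.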
“We encourage users to verify that auto-updaters have already updated Flash — and to manually update if not,” Google’s post recommends, “and to apply Windows patches from Microsoft when they become available.”