Google Warns Of Windows Zero-Day Under Attack

  /     /     /  
Publicated : 22/11/2024   Category : security

Google Warns Of Windows Zero-Day Under Attack


Critical vulnerability found by Google has yet to be announced or fixed by Microsoft.


Google researchers today disclosed that they had found and reported to Microsoft a critical vulnerability in Windows that Microsoft has not yet fixed - and is being used by attackers in the wild.
This Halloween Day revelation by Google threat analysis group members Neel Mehta and Billy Leonard falls under Googles policy for reporting active exploits of critical vulnerabilities. Google says it first reported the bug to Microsoft on October 21. 
After 7 days, per our 
published policy for actively exploited critical vulnerabilities
, we are today disclosing the existence of a remaining critical vulnerability in Windows for which no advisory or fix has yet been released. This vulnerability is particularly serious because we know it is being actively exploited, the Google team said in a post today.
The Windows vulnerability is a local privilege-escalation flaw in the Windows kernel that can be used to bypass a security sandbox. It can be triggered via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD. Chromes sandbox blocks win32k.sys system calls using the 
Win32k lockdown
 mitigation on Windows 10, which prevents exploitation of this sandbox escape vulnerability,
the Google team wrote

We encourage users to verify that auto-updaters have already updated Flash — and to manually update if not — and to apply Windows patches from Microsoft when they become available for the Windows vulnerability.
 

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
Google Warns Of Windows Zero-Day Under Attack