Tuesday November 01, 2016

Google Reveals Unpatched Windows Bug

Google has revealed an unpatched Windows bug that they say hackers are actively exploiting. Google reported the flaw to Microsoft on October 21st but, since no update has been released yet, the company has gone public with its findings.

The Windows vulnerability is a local privilege escalation in the Windows kernel that can be used as a security sandbox escape. It can be triggered via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD. Chrome's sandbox blocks win32k.sys system calls using the Win32k lockdown mitigation on Windows 10, which prevents exploitation of this sandbox escape vulnerability.