Business Standard

Wednesday, December 25, 2024 | 12:37 AM ISTEN Hindi

Notification Icon
userprofile IconSearch

Alert users! Google just released a critical vulnerability in Windows

The bug can potentially allow cyber attackers to escape the security sandbox

General view of Microsoft Corporation headquarters at Issy-les-Moulineaux, near Paris. Photo: Reuters

General view of Microsoft Corporation headquarters at Issy-les-Moulineaux, near Paris. Photo: Reuters

BS Web Team New Delhi
Revealing a critical vulnerability in the Windows operating system, Google on Monday said in blog post that a bug could allow the attackers to escape the security sandbox. The vulnerability is particularly serious because it is being actively exploited and Microsoft hasn’t fixed it so far, Google said.

"The Windows vulnerability is a local privilege escalation in the Windows kernel that can be used as a security sandbox escape. It can be triggered via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD. Chrome’s sandbox blocks win32k.sys system calls using the Win32k lockdown mitigation on Windows 10, which prevents exploitation of this sandbox escape vulnerability,” the post said.
 
Google regularly looked for vulnerabilities that were unknown (“zero-day”) to public and report it to the affected vendors and worked closely with them to find a solution, Google said.

According to Google, these vulnerabilities are more dangerous because the attackers target a limited subset of people, such as political activists. Google usually gives vendors 60 days to fix the issue and, in case of critical bugs, it notifies in seven days. But according to Venturebeat, a technology website, Microsoft spokesperson said: “We believe in coordinated vulnerability disclosure, and today’s disclosure by Google puts customers at potential risk.”

Don't miss the most important news and views of the day. Get them on our Telegram channel

First Published: Nov 01 2016 | 4:14 PM IST

Explore News