Security News > 2016 > November > Google warns of actively exploited Windows zero-day (Help Net Security)
2016-11-01 15:14
Google has disclosed to the public the existence of a Windows zero-day vulnerability (CVE-2016-7855) that is being actively exploited in the wild. According to Neel Mehta and Billy Leonard, of the Google Threat Analysis Group, it’s a local privilege escalation in the Windows kernel that can be used as a security sandbox escape, and can be triggered “via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/P7gOorNs5_s/
Related news
- Microsoft fixes Windows Smart App Control zero-day exploited since 2018 (source)
- Windows 10 KB5043064 update released with 6 fixes, security updates (source)
- Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes (source)
- About that Windows Installer 'make me admin' security hole. Here's how it's exploited (source)
- Google Chrome gets a mind of its own for some security fixes (source)
- Windows vulnerability abused braille “spaces” in zero-day attacks (source)
- Windows Server 2025 previews security updates without restarts (source)
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- Windows 10 KB5044273 update released with 9 fixes, security updates (source)
- Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-11-01 | CVE-2016-7855 | Use After Free vulnerability in multiple products Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016. | 9.3 |