Security News > 2016 > November > Google warns of actively exploited Windows zero-day (Help Net Security)
2016-11-01 15:14
Google has disclosed to the public the existence of a Windows zero-day vulnerability (CVE-2016-7855) that is being actively exploited in the wild. According to Neel Mehta and Billy Leonard, of the Google Threat Analysis Group, it’s a local privilege escalation in the Windows kernel that can be used as a security sandbox escape, and can be triggered “via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/P7gOorNs5_s/
Related news
- Outdated Google Workspace Sync blocks Windows 11 24H2 upgrades (source)
- Windows 11 installation media bug causes security update failures (source)
- Windows 11 Media Update Bug Stops Security Updates (source)
- Windows 10 users urged to upgrade to avoid "security fiasco" (source)
- Security pros baited with fake Windows LDAP exploit traps (source)
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
- 3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update (source)
- 7-Zip fixes bug that bypasses Windows MoTW security warnings, patch now (source)
- Microsoft: January Windows security updates break audio playback (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-11-01 | CVE-2016-7855 | Use After Free vulnerability in multiple products Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016. | 8.8 |