Security News > 2016 > November > Google warns of actively exploited Windows zero-day (Help Net Security)
2016-11-01 15:14
Google has disclosed to the public the existence of a Windows zero-day vulnerability (CVE-2016-7855) that is being actively exploited in the wild. According to Neel Mehta and Billy Leonard, of the Google Threat Analysis Group, it’s a local privilege escalation in the Windows kernel that can be used as a security sandbox escape, and can be triggered “via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/P7gOorNs5_s/
Related news
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
- 3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update (source)
- 7-Zip fixes bug that bypasses Windows MoTW security warnings, patch now (source)
- Microsoft: January Windows security updates break audio playback (source)
- Google fixes Android kernel zero-day exploited in attacks (source)
- Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104 (source)
- Google patches odd Android kernel security bug amid signs of targeted exploitation (source)
- Microsoft shares workaround for Windows security update issues (source)
- Google Chrome's AI-powered security feature rolls out to everyone (source)
- ⚡ THN Weekly Recap: Google Secrets Stolen, Windows Hack, New Crypto Scams and More (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-11-01 | CVE-2016-7855 | Use After Free vulnerability in multiple products Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016. | 8.8 |