Google has disclosed a zero-day vulnerability in the Windows kernel that is currently being exploited in the wild.
Researchers Neel Mehta and Billy Leonard of the Google Threat Analysis Group said it can be triggered “via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD.”
Adobe said in the security bulletin accompanying the release, “Adobe is aware of a report that an exploit for CVE-2016-7855 exists in the wild, and is being used in limited, targeted attacks against users running Windows versions 7, 8.1 and 10.”
Google has advised users to update Flash and install the Microsoft patch as soon as it is made available.
Ilia Kolochenko, CEO of High-Tech Bridge, told SCMagazineUK.com: “I think Google shall finally find a way to cooperate with Microsoft in a straightforward and rapid manner, instead of scaring them with full disclosure. In this particular case, motivation behind the full disclosure tactics is clear, however I think it will only aggravate the situation by attracting more cyber-criminals to exploit the flaw in the wild.”
Alex Mathews, EMEA technical manager at Positive Technologies, said: “The vulnerability is LPE (Local Privilege Escalation) but it's not RCE (Remote Code Execution). It looks like it allows, under certain conditions, to rewrite some bits in Windows kernel's address space. Theoretically, it's possible to get higher privileges on a local computer, using this vulnerability. However, it will be hard to exploit this vulnerability and achieve stable operation of the system for considerable time, when Patch Guard and ASLR protection technologies are used (since 2007 in Windows).”