Windows 7 Users At Risk From ‘Serious Bug’, Google Warns

Google has warned users of a couple serious zero-day vulnerabilities that affects both Windows and Google Chrome users.

Google said it has already rushed out a patch for the flaw affecting Google Chrome, but it warned that Windows 7 users remain vulnerable as Microsoft has yet to fix the bug.

To make matters worse, Google warned that criminals are “actively exploiting” the flaws and it urged people to apply the Chrome fix as soon as possible.

Windows flaw

Google explained in a blog posting that it had issued its Chrome update at the start of the month.

“This update was pushed through Chrome auto-update,” wrote Clement Lecigne of Google’s Threat Analysis Group. “We encourage users to verify that Chrome auto-update has already updated Chrome to 72.0.3626.121 or later.”

“The second vulnerability was in Microsoft Windows,” wrote Lecigne. “It is a local privilege escalation in the Windows win32k.sys kernel driver that can be used as a security sandbox escape.”

Essentially the flaw is located deep within the OS and affects a function that should stop data from one program interacting with something outside that application.

“We strongly believe this vulnerability may only be exploitable on Windows 7 due to recent exploit mitigations added in newer versions of Windows,” Lecigne added. “To date, we have only observed active exploitation against Windows 7 32-bit systems.”

“Pursuant to Google’s vulnerability disclosure policy, when we discovered the vulnerability we reported it to Microsoft,” Lecigne wrote.

“Today, also in compliance with our policy, we are publicly disclosing its existence, because it is a serious vulnerability in Windows that we know was being actively exploited in targeted attacks. The unpatched Windows vulnerability can still be used to elevate privileges or combined with another browser vulnerability to evade security sandboxes.”

Google said that Microsoft had informed them that it is working on a fix.

Lecigne also advised Windows 7 users to upgrade to Windows 10 to avoid the flaw.

One way to avoid falling victim was to upgrade to Windows 10, said Mr Lecigne.

Legacy OS

The flaw is a stark reminder of the risk posed by the continued use of legacy operating systems.

Windows 7 was released back in 2009, and there are still millions of PC still running the OS, in both corporate and personal environments.

Microsoft ditched support for even older operating systems years ago. Support for Windows Vista ended in 2017 for example.

Do you know all about security? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

NHS Staff Say New Tech Will Treat Extra 18.6 Million Patients A Year

Research from Virgin Media O2 Business finds majority of NHS staff believe new tech will…

4 hours ago

Alphabet Q2 Beats Expectations, But Shares Dip

Despite share buyback and positive Q2 results, Alphabet's share price falls over YouTube slowdown and…

5 hours ago

Google Cancels Plan To Axe Third Party Cookies For Chrome Browser

Better switch to Firefox? After years of delays, Google performs u-turn and will no longer…

6 hours ago

Meta Releases Open Source Llama 3.1 AI Model

Release of latest AI model, Llama 405B, offers improved reasoning capabilities especially for math and…

7 hours ago

Microsoft Blames 2009 EU Agreement For World’s Biggest IT Outage

Redmond says EU deal gave CrowdStrike the keys to the Windows kernel, allowing last week's…

11 hours ago