Google discloses Windows zero-day actively exploited in targeted attacks

Google this week revealed a Windows zero-day that is being actively exploited in targeted attacks alongside a recently fixed Chrome flaw.

Google this week disclosed a Windows zero-day vulnerability that is being actively exploited in targeted attacks alongside a recently addressed flaw in Chrome flaw (CVE-2019-5786).

The Windows zero-day vulnerability is a local privilege escalation issue in the win32k.sys kernel driver and it can be exploited for security sandbox escape.

“It is a local privilege escalation in the Windows win32k.sys kernel driver that can be used as a security sandbox escape.” reads the post published by Google.

“The vulnerability is a NULL pointer dereference in win32k!MNGetpItemFromIndex when NtUserMNDragOver() system call is called under specific circumstances,”

Experts argue the Windows zero-day could be exploited only on Windows 7 due to recent exploit mitigations added in newer versions of Microsoft OS. To date, experts only observed active exploitation against Windows 7 32-bit systems.

This time, Google decided immediately disclose the issue because the Windows zero-day is being actively exploited in targeted attacks.

The tech giant reported the bug to Microsoft last week and a patch isn’t available yet.

“Pursuant to Google’s vulnerability disclosure policy, when we discovered the vulnerability we reported it to Microsoft. Today, also in compliance with our policy, we are publicly disclosing its existence, because it is a serious vulnerability in Windows that we know was being actively exploited in targeted attacks.” continues the post.

“The unpatched Windows vulnerability can still be used to elevate privileges or combined with another browser vulnerability to evade security sandboxes. Microsoft have told us they are working on a fix,”

At the time, the only way to mitigate the flaw is to upgrade their systems to Windows 10, of course, the experts recommend to apply patches as soon as they become available.

According to Google, targeted attacks involving the Windows zero-day also exploited the Chrome vulnerability recently fixes by Google.

Google addressed the issue by rolling out a stable Chrome update 72.0.3626.121 for Windows, Mac, and Linux operating systems.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Windows zero-day, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.