Skip to main content
  1. Home
  2. Computing
  3. News

Microsoft releases patch for zero-day Flash and Windows Kernel exploit

By

women in artificial intelligence google data center header
Google
Microsoft released a patch on Tuesday to fix a zero-day Flash and Windows Kernel vulnerability recently outed by Google. Microsoft had stated previously a fix was being internally tested and would roll out to all relevant Windows platforms and it made good on its word.

Microsoft previously took the opportunity to chastise Google for releasing the breach data publicly before Microsoft was ready to release a patch.

Recommended Videos

At the end of October, Google, in accordance with its disclosure timeline for active vulnerabilities, publicly detailed a pair of nasty vulnerabilities in both Adobe’s Flash and Microsoft’s Windows platform. This came after a week of internal discussion with both companies, which saw the former issue a patch for their software and the latter not.

Related

“We believe responsible technology industry participation puts the customer first, and requires coordinated vulnerability disclosure. Google’s decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing, and puts customers at increased risk,” said Terry Myerson, executive vice president of Windows and Devices Group.

Google maintains however that it gave Microsoft plenty of time to respond to the news. Neel Mehta and Billy Leonard of Google’s Threat Analysis Group reports submitted a warning to both Adobe and Microsoft over zero-day vulnerabilities discovered in Adobe Flash and Windows. The report was provided to both companies on October 21 and Adobe immediately responded on October 26 with an update to Flash.

“The Windows vulnerability is a local privilege escalation in the Windows kernel that can be used as a security sandbox escape,” they stated on Monday. “It can be triggered via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD.”

This is a bug that Microsoft claims is now being actively exploited by a Russian hacking group, which it names as Strontium — though as BetaNews explains, it has gone by other names, too. This is a group previously cited as a Russian state actor, suggesting some sort of blessing from the country’s administration.

The attacks have involved targeted spear phishing against a subset of Windows users, though Microsoft did not detail who makes up that group, which doesn’t do much to comfort potentially affected users. It did however go out of its way to claim that Windows 10 users running Microsoft’s Edge browser were protected from it.

Although Microsoft didn’t state as such, customers who use the Chrome browser should not see a problem either, as its “sandbox” capability blocks calls to a core Windows component (win32k.sys) by taking advantage of a lockdown feature built into Windows. This prevents hackers from using the newly discovered vulnerability to escape the browser’s sandbox environment.

If you are not familiar with what sandboxing does, just imagine a virtual box that keeps all running code related to the internet contained as a separate entity in the browser, preventing code, malicious or not, from spilling over into the Windows environment and executing separately. But with the new vulnerability, hackers could create internet-based malware that could slip through the container’s cracks and install on a targeted PC.

Thus, Windows customers not using Google Chrome could be subject to an attack when surfing the internet with another browser.

“We encourage users to verify that auto-updaters have already updated Flash — and to manually update if not — and to apply Windows patches from Microsoft when they become available for the Windows vulnerability,” Google said in a statement of its own. Now that the fix has been released, users are strongly recommended to upgrade as soon as possible to avoid being subject to a hack attack.

Adobe warned about CVE-2016-7855 last week, stating that the vulnerability enables hackers to run malicious code on a target PC using a Flash file. In turn, this code can install various threats in the PC’s system that eventually can grant the hacker full control. The problem was listed as critical and was accompanied by a patch bringing Flash Player up to version 232.0.0.205 for Windows/Mac/Chrome OS, and up to version 11.2.202.643 for Linux.

According to Adobe, the targeted attacks are limited and focus on machines running Windows 7, Windows 8.1, and Windows 10. So far, there are no signs that hackers are targeting Linux machines as well, but Adobe released a patch for those users nonetheless.

Web surfers not sure about what version of Flash Player they are using can check the version number by heading here to allow Adobe’s website to scan the locally installed software. Users can also right-click on a webpage’s (many) Flash component(s) and select “About Adobe (or Macromedia) Flash Player” from the menu. Users should do this for every browser installed on the PC.

Updated on 11-08-2016 by Mark Coppock: Added note that the exploit has been fixed in the November 8 patch.

Editors' Recommendations

Topics
Kevin Parrish
Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
Trying to buy a GPU in 2023 almost makes me miss the shortage
Two AMD Radeon RX 7000 graphics cards on a pink surface.

The days of the GPU shortage are long over, but somehow, buying a GPU is harder than ever -- and that sentiment has very little to do with stock levels. It's just that there are no obvious candidates when shopping anymore.

In a generation where no single GPU stands out as the single best graphics card, it's hard to jump on board with the latest from AMD and Nvidia. I don't want to see another GPU shortage, but the state of the graphics card market is far from where it should be.
This generation is all over the place

Read more
HP printers are heavily discounted in Best Buy’s flash sale
The HP - OfficeJet Pro 8034e Wireless All-In-One Inkjet Printer on a desk with a smartphone.

There’s good news in store if you’re looking to land a new printer at a discount this weekend. Best Buy is having a 48-hour flash sale on HP printers, with several that can compete with the best printers seeing some good prices. HP is almost always one of the best laptop brands, and it’s one of the same when it comes to printers. So if you’re looking for a new home or office printer, read onward on how to save on an HP printer at Best Buy.
HP DeskJet 2755e — $60, was $85

The HP DeskJet 2755e is a good entry-level printer. It’s got you covered if your printing needs are pretty basic, or if you don’t need to print in mass. This is a color InkJet printer, which makes it good for almost all uses. It can also make copies and scan in color, and it has mobile and wireless printing functionality. You can get set up quickly and easily with the HP Smart app that guides you through the setup process, and you can also use this app to print, scan and copy documents from your phone.

Read more
This tiny ThinkPad can’t quite keep up with the MacBook Air M2
Lenovo ThinkPad X1 Nano Gen 3 rear view showing lid and logo.

While the laptop industry continues to move toward 14-inch laptops and larger, the 13-inch laptop remains an important category. One of the best is the Apple MacBook Air M2, with an extremely thin and well-built chassis, great performance, and incredibly long battery life.

Lenovo has recently introduced the third generation of its ThinkPad X1 Nano, one of the lightest laptops we've tested and a good performer as well. It's stiff competition, but which of these two diminutive laptops stands apart?
Specs and configurations

Read more