Skip to main content
  1. Home
  2. Computing
  3. News

Microsoft releases patch for zero-day Flash and Windows Kernel exploit

Kevin Parrish
By

women in artificial intelligence google data center header
Google
Microsoft released a patch on Tuesday to fix a zero-day Flash and Windows Kernel vulnerability recently outed by Google. Microsoft had stated previously a fix was being internally tested and would roll out to all relevant Windows platforms and it made good on its word.

Microsoft previously took the opportunity to chastise Google for releasing the breach data publicly before Microsoft was ready to release a patch.

Recommended Videos

At the end of October, Google, in accordance with its disclosure timeline for active vulnerabilities, publicly detailed a pair of nasty vulnerabilities in both Adobe’s Flash and Microsoft’s Windows platform. This came after a week of internal discussion with both companies, which saw the former issue a patch for their software and the latter not.

Related

“We believe responsible technology industry participation puts the customer first, and requires coordinated vulnerability disclosure. Google’s decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing, and puts customers at increased risk,” said Terry Myerson, executive vice president of Windows and Devices Group.

Google maintains however that it gave Microsoft plenty of time to respond to the news. Neel Mehta and Billy Leonard of Google’s Threat Analysis Group reports submitted a warning to both Adobe and Microsoft over zero-day vulnerabilities discovered in Adobe Flash and Windows. The report was provided to both companies on October 21 and Adobe immediately responded on October 26 with an update to Flash.

“The Windows vulnerability is a local privilege escalation in the Windows kernel that can be used as a security sandbox escape,” they stated on Monday. “It can be triggered via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD.”

This is a bug that Microsoft claims is now being actively exploited by a Russian hacking group, which it names as Strontium — though as BetaNews explains, it has gone by other names, too. This is a group previously cited as a Russian state actor, suggesting some sort of blessing from the country’s administration.

The attacks have involved targeted spear phishing against a subset of Windows users, though Microsoft did not detail who makes up that group, which doesn’t do much to comfort potentially affected users. It did however go out of its way to claim that Windows 10 users running Microsoft’s Edge browser were protected from it.

Although Microsoft didn’t state as such, customers who use the Chrome browser should not see a problem either, as its “sandbox” capability blocks calls to a core Windows component (win32k.sys) by taking advantage of a lockdown feature built into Windows. This prevents hackers from using the newly discovered vulnerability to escape the browser’s sandbox environment.

If you are not familiar with what sandboxing does, just imagine a virtual box that keeps all running code related to the internet contained as a separate entity in the browser, preventing code, malicious or not, from spilling over into the Windows environment and executing separately. But with the new vulnerability, hackers could create internet-based malware that could slip through the container’s cracks and install on a targeted PC.

Thus, Windows customers not using Google Chrome could be subject to an attack when surfing the internet with another browser.

“We encourage users to verify that auto-updaters have already updated Flash — and to manually update if not — and to apply Windows patches from Microsoft when they become available for the Windows vulnerability,” Google said in a statement of its own. Now that the fix has been released, users are strongly recommended to upgrade as soon as possible to avoid being subject to a hack attack.

Adobe warned about CVE-2016-7855 last week, stating that the vulnerability enables hackers to run malicious code on a target PC using a Flash file. In turn, this code can install various threats in the PC’s system that eventually can grant the hacker full control. The problem was listed as critical and was accompanied by a patch bringing Flash Player up to version 232.0.0.205 for Windows/Mac/Chrome OS, and up to version 11.2.202.643 for Linux.

According to Adobe, the targeted attacks are limited and focus on machines running Windows 7, Windows 8.1, and Windows 10. So far, there are no signs that hackers are targeting Linux machines as well, but Adobe released a patch for those users nonetheless.

Web surfers not sure about what version of Flash Player they are using can check the version number by heading here to allow Adobe’s website to scan the locally installed software. Users can also right-click on a webpage’s (many) Flash component(s) and select “About Adobe (or Macromedia) Flash Player” from the menu. Users should do this for every browser installed on the PC.

Updated on 11-08-2016 by Mark Coppock: Added note that the exploit has been fixed in the November 8 patch.

Editors' Recommendations

Topics
Kevin Parrish
Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
The best tablets in 2024: top 11 tablets you can buy now
Disney+ app on the iPad Air 5.

As much as we love having the best smartphones in our pockets, there are times when those small screens don't cut it and we just need a larger display. That's when you turn to a tablet, which is great for being productive on the go and can be a awesome way to unwind and relax too. While the tablet market really took off after the iPad, it has grown to be quite diverse with a huge variety of products — from great budget options to powerhouses for professionals.

We've tried out a lot of tablets here at Digital Trends, from the workhorses for pros to tablets that are made for kids and even seniors -- there's a tablet for every person and every budget. For most people, though, we think Apple's iPad Air is the best overall tablet — especially if you're already invested in the Apple ecosystem. But if you're not an Apple user, that's fine too; there are plenty of other great options that you'll find in this roundup.

Read more
How to delete a file from Google Drive on desktop and mobile
Google Drive in Chrome on a MacBook.

Google Drive is an excellent cloud storage solution that can be accessed from numerous devices. Whether you do most of your Google Drive uploading or downloading from a PC, Chromebook, or mobile device, there’s going to come a time when you’ll need to delete a file (or two). Fortunately, the deletion process couldn’t be more straightforward. We’ve also put together this helpful guide to show you how to trash your Drive content a couple of different ways.

Read more
Windows 11 might nag you about AI requirements soon
Copilot on a laptop on a desk.

After recent reports of new hardware requirements for the upcoming Windows 11 24H2 update, it is evident that Microsoft is gearing up to introduce a bunch of new AI features. A new report now suggests that the company is working on adding new code to the operating system to alert users if they fail to match the minimum requirements to run AI-based applications.

According to Albacore on X (formerly known as Twitter), systems that do not meet the requirements will display a warning message in the form of a watermark. After digging into the latest Windows 11 Insider Build 26200, he came across requirements coded in the operating system for an upcoming AI File Explorer feature. The minimum requirement includes an ARM64 processor, 16GB of memory, 225GB of total storage, and a Qualcomm Snapdragon X Elite NPU.

Read more