Google published a previously publicly-unknown vulnerability in the Windows kernel and closes it in the Google Chrome browser.
Google discovered two 0-day vulnerabilities (previously publicly-unknown vulnerabilities) and reported them on 10/21/2016 to Adobe and Microsoft. The Adobe Flash vulnerability has been patched by Adobe (see Important: Updates for Flash Player (10/27/2016)) and Microsoft (see Microsoft Flash security update for Windows (10/27/2016)).
Now Google has revealed some insights. The Flash vulnerability was discovered by Google's Project Zero and reported to Adobe on 10/21/2016. After a 10-day period Google made the issue public and mentioned that Google Chrome updates its integrated Flash Player.
Of much more interest is the second part of Google's announcement: there is also a critical vulnerability in Windows that is actively exploited in the wild, so Google released that information as well. The Windows vulnerability is a local privilege escalation in the Windows kernel that can be used as a security sandbox escape.
Google writes that it can be triggered via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD. That sounds pretty esoteric to end users, but in brief: there is a vulnerability in the Windows kernel and it is being used in the wild. Google has hardened the Google Chrome browser (Chrome's sandbox blocks win32k.sys system calls using the Win32k lockdown mitigation on Windows 10, which prevents exploitation of this sandbox escape vulnerability). So be careful which browser you use on Windows 10 until Microsoft has issued a patch for this vulnerability.
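The protection described above only helps if the sandboxed Chrome processes that render web content really carry the Win32k lockdown policy. The following script is an added example (not from the original post, and not Google's or Microsoft's code) that audits this on a running system. It assumes Windows 10 version 1709 or later, where the ProcessMitigations module with the Get-ProcessMitigation cmdlet is available, an elevated session so that every Chrome process can be opened, and that Chrome tags its sandboxed child processes with a `--type=<kind>` command-line switch (renderers carry `--type=renderer`; the main browser process has no `--type` switch and legitimately keeps win32k access).

```powershell
# Added example: report the Win32k lockdown state of every chrome.exe process.
# Assumes Windows 10 1709+ (Get-ProcessMitigation) and an elevated session.
#Requires -RunAsAdministrator

function Get-ChromeWin32kLockdownReport {
    param([string]$ProcessName = 'chrome.exe')

    foreach ($p in Get-CimInstance Win32_Process -Filter "Name = '$ProcessName'") {
        # Sandboxed children carry --type=<kind>; the browser process has none.
        $kind = if ($p.CommandLine -match '--type=([a-z-]+)') { $Matches[1] } else { 'browser' }

        $status = 'UNKNOWN'
        try {
            # Runtime mitigation state of the live process, not the registry default.
            $m = Get-ProcessMitigation -Id $p.ProcessId -ErrorAction Stop
            $status = [string]$m.SystemCall.DisableWin32kSystemCalls   # ON / OFF / NOTSET
        } catch {
            $status = "ERROR: $($_.Exception.Message)"
        }

        [pscustomobject]@{
            Pid            = $p.ProcessId
            Type           = $kind
            Win32kLockdown = $status
            # Web content runs in renderers, so those are the ones that must be ON.
            Expected       = if ($kind -eq 'renderer') { 'ON' } else { 'n/a' }
            Ok             = if ($kind -eq 'renderer') { $status -eq 'ON' } else { $true }
        }
    }
}

Get-ChromeWin32kLockdownReport | Format-Table -AutoSize
```

A renderer row showing anything other than ON means that process could still reach win32k.sys system calls such as NtSetWindowLongPtr() and would not benefit from the mitigation the post relies on, for example because the policy is unavailable on an older Windows build or Chrome is running with sandbox flags changed.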
BTW: here is Microsoft’s statement (via)
“We believe in coordinated vulnerability disclosure, and today’s disclosure by Google puts customers at potential risk,” a Microsoft spokesperson told VentureBeat. “Windows is the only platform with a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible. We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection.”
Sources close to Google also told VentureBeat that the mitigation requires an unpatched Flash Player. So we have to wait, use Google Chrome, and see what Microsoft has in store.