- Jan 8, 2011
- 22,361
Via Google: Abandon Windows 7 and Upgrade to Windows 10 Right Now
Google Online Security Blog: Disclosing vulnerabilities to protect users across platforms
We strongly believe this vulnerability may only be exploitable on Windows 7 due to recent exploit mitigations added in newer versions of Windows. To date, we have only observed active exploitation against Windows 7 32-bit systems.
Google Online Security Blog: Disclosing vulnerabilities to protect users across platforms
On Wednesday, February 27th, we reported two 0-day vulnerabilities — previously publicly-unknown vulnerabilities — one affecting Google Chrome and another in Microsoft Windows that were being exploited together.
To remediate the Chrome vulnerability (CVE-2019-5786), Google released an update for all Chrome platforms on March 1; this update was pushed through Chrome auto-update. We encourage users to verify that Chrome auto-update has already updated Chrome to 72.0.3626.121 or later.
The second vulnerability was in Microsoft Windows. It is a local privilege escalation in the Windowswin32k.sys
kernel driver that can be used as a security sandbox escape. The vulnerability is a NULL pointer dereference inwin32k!MNGetpItemFromIndex when NtUserMNDragOver()
system call is called under specific circumstances.
We strongly believe this vulnerability may only be exploitable on Windows 7 due to recent exploit mitigations added in newer versions of Windows. To date, we have only observed active exploitation against Windows 7 32-bit systems.
How to Get Windows 11 for Your Compatible PC
Find out how to get Windows 11 from Microsoft. Check your PC’s compatibility against the system requirements to see if you can upgrade to Windows 11.
www.microsoft.com