Critical vulnerability discovered in Windows 7

Mar 8, 2019 08:07 GMT

Google recommends that Windows 7 users upgrade to Windows 10 if possible, as a kernel vulnerability allows local privilege escalation on the operating system.

Clement Lecigne of Google's Threat Analysis Group explains that in late February, Google discovered two different security vulnerabilities, one in the Google Chrome browser and another in Windows.

The Chrome bug has already been patched with the release of update 72.0.3626.121, but the Windows 7 security flaw is yet to be fixed.

Microsoft says the vulnerability resides in the Windows win32k.sys kernel driver, and it can be used as a security sandbox escape. Windows 10 doesn’t seem to be affected, Google says, as this operating system version comes with additional mitigations that make it possible to block exploits.

“We strongly believe this vulnerability may only be exploitable on Windows 7 due to recent exploit mitigations added in newer versions of Windows. To date, we have only observed active exploitation against Windows 7 32-bit systems,” Lecigne notes.

Upgrade to Windows 10 ASAP

The Google security researcher says the bug was reported to Microsoft and the software giant is already working on a fix.

“In compliance with our policy, we are publicly disclosing its existence, because it is a serious vulnerability in Windows that we know was being actively exploited in targeted attacks. The unpatched Windows vulnerability can still be used to elevate privileges or combined with another browser vulnerability to evade security sandboxes,” the advisory notes.

Until Microsoft delivers a fix, the only way to stay secure is to upgrade to Windows 10, Google says. When patches become available, Windows 7 users should install them as soon as possible.

Launched in 2009, Windows 7 is projected to reach the end of support in January 2020, so home users and enterprises alike are now urged to upgrade to Windows 10 to continue receiving security updates.