Time to Update to Windows 10 After Critical Flaws are Found In Chrome & Windows 7
Google recently released details of an exploit that allows privileged escalation in Windows when used together with a recently patched Google Chrome vulnerability. Google recommends that Chrome users restart their browser to ensure the patches are applied, but you can also deploy the Google Chrome patch across your entire network. Google also recommends that users update to Windows 10.
Earlier Google released an update for the Chrome web browser that it urged users to ensure was implemented immediately. The Threat Analysis Group at Google had uncovered a critical Zero-Day vulnerability that was already being exploited in the wild. You can read more about the critical Google Chrome flaw in this article, which also includes a custom report to list all affected workstations.
Now Google has warned us about another Zero-Day vulnerability impacting Windows 7 users, that was being used together with the Chrome exploit to take over Windows systems.
The Windows vulnerability has yet to be patched but Microsoft believes it only affects Windows 7 32-bit systems. In the meantime, Google is recommending that all users still running Windows 7 should upgrade to Windows 10.
The Windows zero-day is a local privilege escalation in the win32k.sys kernel driver that allows it to escape the security sandbox. The vulnerability can be used to elevate system privileges by an attacker who might then be able to execute remote malicious code.
Windows 7 End-of-Life
The vulnerability provides us with another reason to update to Windows 10, as Windows 7 is due to reach End Of Life (EOL) on 14 January 2020.
With Windows 7 EOL coming up, we previously published a custom report which lists all workstations that are closing in on the End-of-Life date. You can run the same report to find out if there still any Windows assets running on Windows 7.
If you haven't already, start your free Lansweeper trial and get cracking.