Author Topic: Google Discloses Actively Exploited Windows Vulnerability  (Read 71 times)

0 Members and 1 Guest are viewing this topic.

Offline Antus67

  • Full Member
  • ***
  • Posts: 93
    • View Profile
Google Discloses Actively Exploited Windows Vulnerability
« on: March 09, 2019, 12:15:38 PM »

By Ionut Arghire on March 08, 2019

Google this week released information on a zero-day vulnerability in Windows being actively exploited in targeted attacks alongside a recently fixed Chrome flaw (CVE-2019-5786).

The Windows vulnerability has been described as a local privilege escalation in the win32k.sys kernel driver and it can be abused for a security sandbox escape.

“The vulnerability is a NULL pointer dereference in win32k!MNGetpItemFromIndex when NtUserMNDragOver() system call is called under specific circumstances,” Clement Lecigne of Google’s Threat Analysis Group explains.

Full Article Here:https://www.securityweek.com/google-discloses-actively-exploited-windows-vulnerability