Two Google employees, Billy Leonard and Nele Mehta, who operate in the Google Threat Analysis Group, have discovered a vulnerability of the type Zero-Day* in the Windows operating system and in Adobe Flash.
After the discovery, a report was sent to both companies on 21 in October. On 26 in October Adobe was ready to make an update available for Flash and corrected the problem with CVE-2016-7855. This update is available through Adobe's Updater and Chrome auto-update.
Microsoft has yet to come up with any solution to the problem discovered by Google.
The vulnerability discovered in Windows is a privilege change in the Windows Kernel, which can be used to exit a sandbox *, as demonstrated by Billy Leonard and Nele Mehta.
People using the Chrome browser will not notice a problem because the browser sandbox can block requests made by Windows core components, such as win32k.sys, the part that was exploited. As such, Black-Hat Hackers will not be able to exit the browser sandbox as shown by digitaltrends.com.
Under Google policies, they give 7 days for companies to resolve the issue before they publicly make the announcement. The company believes that Windows users are taking a big risk, as there is already evidence that the vulnerability is already being exploited.
The Mount View giant encourages all users to see if Adobe Flash has done the automatic upgrade, otherwise they should upgrade manually. They also recommend that you upgrade to Windows when they become available. It appears that the vulnerability is present in Windows 7, 8.1 and 10.
-----------
*0-Day (Zero-Day) Vulnerability: is a vulnerability in a computer system that has only been discovered, has not yet been disclosed or has not yet been fixed, generally unknown to the manufacturer and the general public.
IT technicians, companies or anyone who understands IT should always be aware of the forums that publish 0-Day vulnerabilities to know how to protect themselves so far that they have released an update to fix the problem. This type of vulnerability can cause great harm because it can take a while until the problem is repaired.
It should be noted that these forums are attended by both IT professionals, White-Hat Hackers and Black-Hat Hackers. And many Black-Hat hackers take advantage of these publications to make their attacks sophisticated and taking advantage of the time these bugs have yet to be fixed.
-----------
One of the Sandbox represents a "virtual box," where all code runs during access to the internet as a separate entity from the browser, preventing harmful elements from entering the rest of Windows. The new vulnerability can help Black-Hat Hackers go through the security of sandbox elements and install malware on a computer.
