Recent statistics reveal that Windows 7 remains the most popular Windows version amongst users. Unfortunately, this might be a disadvantage for those who still use it. Recently Google discovered a vulnerability that exists on Windows 8. More than that, it seems that the vulnerability was already exploited in the past.
We strongly believe this vulnerability may only be exploitable on Windows 7 due to recent exploit mitigations added in newer versions of Windows. To date, we have only observed active exploitation against Windows 7 32-bit systems.
Google reported the issue to Microsoft, and now they made it public.
Pursuant to Google’s vulnerability disclosure policy, when we discovered the vulnerability we reported it to Microsoft. Today, also in compliance with our policy, we are publicly disclosing its existence, because it is a serious vulnerability in Windows that we know was being actively exploited in targeted attacks.
Updating to Windows 10
The bad news is that Microsoft hasn’t launched a fix for this issue just yet, which means that those who still use Windows 7 are at risk. The good news is that Microsoft said that they are working on a fix, which means that it shouldn’t take long until it is released.
The unpatched Windows vulnerability can still be used to elevate privileges or combined with another browser vulnerability to evade security sandboxes. Microsoft have told us they are working on a fix.
Nonetheless, at the moment, the safest solution appears to be upgrading to Windows 10 if you use an older version. Windows 10 is more secure, and no major vulnerabilities have been discovered.
As mitigation advice for this vulnerability users should consider upgrading to Windows 10 if they are still running an older version of Windows, and to apply Windows patches from Microsoft when they become available.
Nora Reynolds is a major in biology and a minor in Biological Basis of Behavior, writing about science in general. She also likes to try new gadgets and sports about the AI new era.