The vulnerability is a NULL pointer dereference in win32k!MNGetpItemFromIndex when NtUserMNDragOver() system call is called under specific circumstances. It is a local privilege escalation in the Windows win32k.sys kernel driver that can be used as a security sandbox escape. The second vulnerability was in Microsoft Windows. We encourage users to verify that Chrome auto-update has already updated Chrome to. To remediate the Chrome vulnerability (CVE-2019-5786), Google released an update for all Chrome platforms on March 1 this update was pushed through Chrome auto-update. On Wednesday, February 27th, we reported two 0-day vulnerabilities - previously publicly-unknown vulnerabilities - one affecting Google Chrome and another in Microsoft Windows that were being exploited together. Posted by Clement Lecigne, Threat Analysis Group
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |