Google: Abandon Windows 7 and Upgrade to Windows 10 Right Now

[The AchieVer]

Google: Abandon Windows 7 and Upgrade to Windows 10 Right Now 

Google recommends Windows 7 users to upgrade to Windows 10 if possible, as a kernel vulnerability allows for local privilege escalation on the operating system.

Clement Lecigne, Threat Analysis Group, explains that in late February, Google discovered two different security vulnerabilities, one in Google Chrome browser and another one in Windows.

The Chrome bug has already been patched with the release of update 72.0.3626.121, but the Windows 7 security flaw is yet to be fixed.

Microsoft says the vulnerability resides in the Windows win32k.sys kernel driver and it can be used as a security sandbox escape. Windows 10 doesn’t seem to be affected, Google says, as this operating system version comes with additional mitigations that make it possible to block exploits.

“We strongly believe this vulnerability may only be exploitable on Windows 7 due to recent exploit mitigations added in newer versions of Windows. To date, we have only observed active exploitation against Windows 7 32-bit systems,” Lecigne notes.Upgrade to Windows 10 ASAPThe Google security researcher says the bug was reported to Microsoft and the software giant is working on a fix already.

“In compliance with our policy, we are publicly disclosing its existence, because it is a serious vulnerability in Windows that we know was being actively exploited in targeted attacks. The unpatched Windows vulnerability can still be used to elevate privileges or combined with another browser vulnerability to evade security sandboxes,” the advisory notes.

Until Microsoft delivers a fix, the only way to stay secure is to upgrade to Windows 10, Google says. When patches become available, users should install them as soon as possible on Windows 7.

Launched in 2009, Windows 7 is projected to reach the end of support in January 2020, so home users and enterprises alike are now urged to upgrade to Windows 10 to continue receiving security updates.

 

 

 

Source

 

 

[straycat19]

Surely they jest.  Get rid of a very stable, secure operating system for Microsoft's Beta Forever Windows 10 is ludicrous.  The best thing that can happen to Windows 7 is that Microsoft will quit screwing around with it next year and I won't have to continually block their stupid updates.

[moopster]

Abandon all Hope

Ye Who Enter Here

[funkyy]

32 minutes ago, moopster said:

Abandon all Hope

Ye Who Enter Here

Abandon all hope

Ye who believe a word Microsoft says in their latest scare-mongering tactic in another blatant attempt to push people to install Win 10 (BETA).  I could understand a little if Win 10 (BETA) was a smooth running stable system without the disastrous patch Tuesdays that it has heaped on users....but until it is a smooth running stable system I'll pass thank you very much.😀😀😀

[luisam]

20 hours ago, The AchieVer said:

“We strongly believe this vulnerability may only be exploitable on Windows 7 due to recent exploit mitigations added in newer versions of Windows. To date, we have only observed active exploitation against Windows 7 32-bit systems,”

 

OK, so what does this means in plain language? Actually, does it mean anything? In any case, if anything, it implies that Windows 7 64 bits is safe

[Karlston]

8 hours ago, luisam said:

OK, so what does this means in plain language? Actually, does it mean anything? In any case, if anything, it implies that Windows 7 64 bits is safe

 

From the article, only 32-bit Windows 7 is vulnerable right now, and then presumably only until Microsoft rolls out a patch.

 

The implication is that 64-bit Windows 7 and all Windows 8, 8.1, and 10 versions are already protected.

 

So despite Google's advice, upgrading to Windows 8.1 or to 64-bit Windows 7 are also options to avoid the vulnerability.