Windows Microsoft Windows Kernel Local Privilege Escalation Vulnerability - Zero Day

The Windows vulnerability is a local privilege-escalation flaw in the Windows kernel that can be used to bypass a security sandbox. "It can be triggered via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD.

Google Security reports that this critical vulnerability is actively being exploited in the wild.

Further details can be found under Disclosing vulnerabilities to protect users .

Could allow an attacker to gain unauthorized higher privileges with system-level privileges.

Microsoft has not released a patch to resolve this issue.

Customers are advised to contact Microsoft regarding official updates or workarounds.

Workaround:
Windows 10 users can use the latest Google Chrome to help reduce the attack surface.