Windows 7 users are at risk from a "serious" bug that
could let malicious hackers take over their computer, Google has warned.
Cyber-thieves are "actively
exploiting" the vulnerability by combining it with a separate flaw found
in the Chrome browser.
Google has issued an update for its Chrome web
browser to close the loophole.
Microsoft has said it is also working on a fix
for the problem in Windows 7.
Squashing bugs
The Windows flaw exists in core elements of
the operating system that are supposed to stop data in one program interacting
with anything outside that application.
Google said it had seen evidence that criminal
hackers had found a way to make attack code jump from Chrome into other
applications to help them compromise a machine.
A patch has been
produced for Chrome and users should ensure that they have updated their
browser to close the loophole, said
Google engineer Justin Schuh.
"Seriously, update your Chrome
installs... like right this minute," he tweeted.
The serious nature of the flaw in Chrome meant
the software had to be shut down and re-started for the patch to take effect,
he added.
"To date, we have only observed active
exploitation against Windows 7 32-bit systems," wrote Clement Lecigne from
Google's threat analysis group in a blog exploring the flaw.
One way to avoid falling victim was to upgrade
to Windows 10, said Mr Lecigne.
Microsoft has not given a date for when its
patch for Windows 7 will be released, but said it would be "as soon as
possible". Millions of machines still run Windows 7 despite it being
almost 10 years old.
Writing
on the Sophos security blog, Paul Ducklin said: "There
doesn't seem to be a workaround, but if you make sure you're up-to-date, you
don't need one because the bug will be squashed."
Posts
No comments:
Post a Comment