Google security officials are advising Windows users to ensure they’re using the latest version 10 of the Microsoft operating system to protect themselves against a “serious,” unpatched vulnerability that attackers have been actively exploiting in the wild.
Unidentified attackers have been combining an exploit for the unpatched local privilege escalation in Windows with one for a separate security flaw in the Chrome browser that Google fixed last Friday. While that specific exploit combination won’t be effective against Chrome users who are running the latest browser version, the Windows exploit could still be used against people running older versions of Windows. Google researchers privately reported the vulnerability to Microsoft, in keeping with its vulnerability disclosure policy.
