Microsoft has a zero-day vulnerability in Windows 7 that remains unpatched, Google revealed in a blog post yesterday. It’s one of two zero-day vulnerabilities that, along with one in Google Chrome, hackers were exploiting to send malicious code to users.
The unpatched Windows 7 vulnerability lets hackers escalate local privileges to execute malicious code. Google wrote in its blog post that it’s only seen Windows 7 32-bit systems contain this vulnerability. Older versions before Windows 7 may also be at risk.
Microsoft has told Google it’s aware of the issue and is working on a fix, but it’s already 10 days late addressing the problem. It tells The Verge, “Microsoft has a customer commitment to investigate reported security issues and proactively update as soon as possible.” In the meantime, if you’re still using Windows 7 in 32-bit, now is a good time to consider upgrading to Windows 10, as newer versions have more protections in place.
Google already patched the Chrome vulnerability on its end on March 1st, so you’ll want to immediately update to version 72.0.3626.121 of Chrome at least to protect yourself from hacks. Chrome usually updates automatically but for faster protection, you may want to update manually. The fix was for Chrome’s FileReader, a web API that let sites read a user’s computer files.
Also, seriously, update your Chrome installs… like right this minute. #PSA