Microsoft has a zero-day vulnerability in Windows 7 that remains unpatched, Google revealed in a blog post yesterday. It is one of two zero-day vulnerabilities that, along with one in Google Chrome, hackers exploited to send malicious code to users.
The unpatched Windows 7 vulnerability allows hackers to increase local privileges to execute malicious code. Google wrote in its blog post that only 32-bit Windows 7 systems contain this vulnerability. Versions prior to Windows 7 may also be at risk.
Microsoft told Google that it was aware of the problem and that it is working on a solution, but that it is already 10 days late to solve the problem. It tells The Verge, "Microsoft has a commitment to the customer to investigate the reported security issues and update them proactively as soon as possible." Meanwhile, if you are still using Windows 7 in 32 bits, now is a good time to consider upgrading to Windows 10, as the most recent versions have more protections implemented.
Google has already fixed Chrome's vulnerability in its final version on March 1, so you'll want to upgrade to Chrome version 72.0.3626.121 at least to protect yourself from hacks. Chrome is usually updated automatically, but for faster protection, you might want to update manually. The solution was for the Chrome FileReader, a web API that allows sites to read a user's computer files.