Google discloses a Windows Zero-Day vulnerability

Google discloses a Windows Zero-Day vulnerability

By ircrp | ircrp | 31 Oct 2020


 

Security researchers from Google's Project Zero have disclosed Windows exploit which is yet unpatched and thought to be actively used in in the wild to exploit Windows operating systems. The vulnerability is tracked under CVE-2020-17087 and combined with the recent exploits such as Chromium Zero Day bug can lead to what security experts call a sandbox escape.

  • One of the attack vectors highlighted by security experts was through usage of the recently patched vulnerability of Chromium Zero Day bug which would've allowed attackers to run malicious code not only inside of Chromium Web Browser's but also bypass 'secure' container allowing code execution on the underlying operating system.
  • The vulnerability is described as a buffer overflow vulnerability inside of Window's Kernel Cryptographic Driver which can be exploited for privilege escalation.
  • Google Project Zero has notified Microsoft a week ago and has given them seven days to provide a patch to the community before the vulnerability is publicly disclosed.
  • The details were published yesterday and Microsoft did not provide any emergency fix to its community and a patch is expected to be provided on 10th of November as part of the Monthly Patch Tuesday update.
  • Security experts claim the issue is not currently being used to exploit and interfere with the ongoing US Election.

 

Related Reading
 
Ongoing crypto free earn campaigns:
 

 



ircrp
ircrp

Crypto enthusiast and a first-time blogger

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.