Security researchers from Google's Project Zero have disclosed Windows exploit which is yet unpatched and thought to be actively used in in the wild to exploit Windows operating systems. The vulnerability is tracked under CVE-2020-17087 and combined with the recent exploits such as Chromium Zero Day bug can lead to what security experts call a sandbox escape.
- One of the vectors highlighted by security experts was through usage of the recently patched vulnerability of Chromium Zero Day bug which would've allowed attackers to run malicious code not only inside of Chromium Web Browser's but also bypass 'secure' container allowing code execution on the underlying operating system.
- The vulnerability is described as a buffer overflow vulnerability inside of Window's Kernel Cryptographic Driver which can be exploited for privilege escalation.
- Google Project Zero has notified Microsoft a week ago and has given them seven days to provide a patch to the community before the vulnerability is publicly disclosed.
- The details were published yesterday and Microsoft did not provide any emergency fix to its community and a patch is expected to be provided on 10th of November as part of the Monthly Patch Tuesday update.
- Security experts claim the issue is not currently being used to exploit and interfere with the ongoing US Election.
Related Reading
- New Chromium Zero-Day bug under exploitation in the wild
- Bitcoin Network is getting clogged up
- Brave Desktop Browser gets an update
- Harvest Finance engineering mistake fiasco
- Ledger phishing emails
- Cyber Threat On The Rise
- Surfing the net a bit more securely
- Monero's Oxygen Orion Upgrade Successful
- The long awaited launch of Filecoin is finally here
- Grants for d(apps) to be built on top of Raiden Network (L2)