Security News > 2020 > October > Google Discloses Actively Targeted Windows Vulnerability
Google Project Zero security researchers have identified another Windows vulnerability that has been actively exploited in attacks.
"The Windows Kernel Cryptography Driver exposes a DeviceCNG device to user-mode programs and supports a variety of IOCTLs with non-trivial input structures. It constitutes a locally accessible attack surface that can be exploited for privilege escalation," Jurczyk explains.
Details on the vulnerability were submitted to the Google Project Zero discussion board on October 22.
The security researchers have published the source code of a proof-of-concept exploit for the vulnerability, which was tested on "An up-to-date build of Windows 10 1903.".
The vulnerability appears to have been exploited in targeted attacks, but not in incidents related to the U.S. elections.
News URL
Related news
- Google Fixed Cloud Run Vulnerability Allowing Unauthorized Image Access via IAM Misuse (source)
- Google Patches Quick Share Vulnerability Enabling Silent File Transfers Without Consent (source)
- Microsoft Patches 125 Flaws Including Actively Exploited Windows CLFS Vulnerability (source)
- PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware (source)
- WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401) (source)
- Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’ (source)
- Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) (source)