Security News > 2020 > October > Google Discloses Actively Targeted Windows Vulnerability
Google Project Zero security researchers have identified another Windows vulnerability that has been actively exploited in attacks.
"The Windows Kernel Cryptography Driver exposes a DeviceCNG device to user-mode programs and supports a variety of IOCTLs with non-trivial input structures. It constitutes a locally accessible attack surface that can be exploited for privilege escalation," Jurczyk explains.
Details on the vulnerability were submitted to the Google Project Zero discussion board on October 22.
The security researchers have published the source code of a proof-of-concept exploit for the vulnerability, which was tested on "An up-to-date build of Windows 10 1903.".
The vulnerability appears to have been exploited in targeted attacks, but not in incidents related to the U.S. elections.