Security News > 2020 > October > Windows kernel vulnerability disclosed by Google's Project Zero after bug exploited in the wild by hackers
Google's Project Zero bug-hunting team has disclosed a Windows kernel flaw that's being actively exploited by miscreants to gain control of computers.
The web giant's bug report was privately disclosed to Microsoft on October 22, and publicly revealed just seven days later, after it detected persons unknown exploiting the programming blunder.
The privilege-escalation issue was identified by Mateusz Jurczyk and Sergei Glazunov of Google Project Zero.
"The Windows Kernel Cryptography Driver exposes a DeviceCNG device to user-mode programs and supports a variety of IOCTLs with non-trivial input structures," the bug report explains.
It can be exploited to break out of Chrome's sandbox, and gain control of the victim's PC. The Google researchers have posted PoC exploit code tested on Windows 10 1903.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/10/30/windows_kernel_zeroday/
Related news
- Microsoft: macOS bug lets hackers install malicious kernel drivers (source)
- Google OAuth Vulnerability Exposes Millions via Failed Startup Domains (source)
- Hackers use Google Search ads to steal Google Ads accounts (source)
- Hackers use Windows RID hijacking to create hidden admin account (source)
- Google says hackers abuse Gemini AI to empower their attacks (source)
- Google fixes Android kernel zero-day exploited in attacks (source)
- Google patches odd Android kernel security bug amid signs of targeted exploitation (source)
- Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores (source)
- Russian military hackers deploy malicious Windows activators in Ukraine (source)
- ⚡ THN Weekly Recap: Google Secrets Stolen, Windows Hack, New Crypto Scams and More (source)