Security News > 2020 > October > Windows kernel zero-day vulnerability used in targeted attacks
Project Zero, Google's 0day bug-hunting team, today disclosed a zero-day elevation of privileges vulnerability found in the Windows kernel and actively exploited in targeted attacks.
The Windows kernel bug zero-day can be exploited by local attackers for privilege escalation according to Project Zero security researchers Mateusz Jurczyk and Sergei Glazunov.
Project Zero also provides a proof-of-concept exploit that can be used to crash vulnerable Windows devices even for default system configurations.
According to Ben Hawkes, technical team lead of Google's Project Zero security research team, the ongoing attacks that exploit CVE-2020-17087 in the wild are not focused on targets associated with the U.S. election.
Last week, Google also fixed an actively exploited zero-day vulnerability found by Project Zero researchers in the Google Chrome web browser.
News URL
Related news
- Google fixes Android kernel zero-day exploited in attacks (source)
- PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks (source)
- Ivanti warns of new Connect Secure flaw used in zero-day attacks (source)
- Ivanti zero-day attacks infected devices with custom malware (source)
- Zero-Day Vulnerability in Ivanti VPN (source)
- Fortinet Warns of New Zero-Day Used in Attacks on Firewalls with Exposed Interfaces (source)
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
- SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006) (source)
- SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks (source)
- Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-11 | CVE-2020-17087 | Incorrect Calculation of Buffer Size vulnerability in Microsoft products Windows Kernel Local Elevation of Privilege Vulnerability | 0.0 |