Windows kernel zero-day vulnerability used in targeted attacks

Project Zero, Google's 0day bug-hunting team, today disclosed a zero-day elevation of privileges vulnerability found in the Windows kernel and actively exploited in targeted attacks.
The Windows kernel zero-day bug can be exploited by local attackers for privilege escalation, according to Project Zero security researchers Mateusz Jurczyk and Sergei Glazunov.
Project Zero also provides a proof-of-concept exploit that can be used to crash vulnerable Windows devices, even in default system configurations.
According to Ben Hawkes, technical team lead of Google's Project Zero security research team, the ongoing attacks that exploit CVE-2020-17087 in the wild are not focused on targets associated with the U.S. election.
Last week, Google also fixed an actively exploited zero-day vulnerability found by Project Zero researchers in the Google Chrome web browser.
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-11 | CVE-2020-17087 | Incorrect Calculation of Buffer Size vulnerability in Microsoft products Windows Kernel Local Elevation of Privilege Vulnerability | 0.0 |