Security News > 2020 > October > Windows kernel zero-day vulnerability used in targeted attacks
Project Zero, Google's 0day bug-hunting team, today disclosed a zero-day elevation of privileges vulnerability found in the Windows kernel and actively exploited in targeted attacks.
The Windows kernel bug zero-day can be exploited by local attackers for privilege escalation according to Project Zero security researchers Mateusz Jurczyk and Sergei Glazunov.
Project Zero also provides a proof-of-concept exploit that can be used to crash vulnerable Windows devices even for default system configurations.
According to Ben Hawkes, technical team lead of Google's Project Zero security research team, the ongoing attacks that exploit CVE-2020-17087 in the wild are not focused on targets associated with the U.S. election.
Last week, Google also fixed an actively exploited zero-day vulnerability found by Project Zero researchers in the Google Chrome web browser.
News URL
Related news
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks (source)
- Microsoft fixes Windows zero-day exploited in QakBot malware attacks (source)
- Attack Surface Management vs. Vulnerability Management (source)
- Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks (source)
- New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks (source)
- Critical Rust flaw enables Windows command injection attacks (source)
- Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack (source)
- Palo Alto Networks warns of PAN-OS firewall zero-day used in attacks (source)
- Telegram fixes Windows app zero-day caused by file extension typo (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-11 | CVE-2020-17087 | Incorrect Calculation of Buffer Size vulnerability in Microsoft products Windows Kernel Local Elevation of Privilege Vulnerability | 7.8 |