Security News > 2020 > November > New Windows Zero-Day
2020-11-02 20:01
Google's Project Zero has discovered and published a buffer overflow vulnerability in the Windows Kernel Cryptography Driver.
Attackers were combining an exploit for it with a separate one targeting a recently fixed flaw in Chrome.
The former allowed the latter to escape a security sandbox so the latter could execute code on vulnerable machines.
The vulnerability is being exploited in the wild, although Microsoft says it's not being exploited widely.
Everyone expects a fix in the next Patch Tuesday cycle.
News URL
https://www.schneier.com/blog/archives/2020/11/new-windows-zero-day.html