Security News > 2020 > November > New Windows Zero-Day
2020-11-02 20:01
Google's Project Zero has discovered and published a buffer overflow vulnerability in the Windows Kernel Cryptography Driver.
Attackers were combining an exploit for it with a separate one targeting a recently fixed flaw in Chrome.
The former allowed the latter to escape a security sandbox so the latter could execute code on vulnerable machines.
The vulnerability is being exploited in the wild, although Microsoft says it's not being exploited widely.
Everyone expects a fix in the next Patch Tuesday cycle.
News URL
https://www.schneier.com/blog/archives/2020/11/new-windows-zero-day.html
Related news
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)
- Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017 (source)
- New Windows zero-day exploited by 11 state hacking groups since 2017 (source)
- APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373) (source)
- EncryptHub linked to MMC zero-day attacks on Windows systems (source)
- New Windows zero-day leaks NTLM hashes, gets unofficial patch (source)
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware (source)
- Microsoft: Windows CLFS zero-day exploited by ransomware gang (source)
- Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824) (source)
- PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware (source)