Security News > 2020 > November > New Windows Zero-Day
2020-11-02 20:01
Google's Project Zero has discovered and published a buffer overflow vulnerability in the Windows Kernel Cryptography Driver.
Attackers were combining an exploit for it with a separate one targeting a recently fixed flaw in Chrome.
The former allowed the latter to escape a security sandbox so the latter could execute code on vulnerable machines.
The vulnerability is being exploited in the wild, although Microsoft says it's not being exploited widely.
Everyone expects a fix in the next Patch Tuesday cycle.
News URL
https://www.schneier.com/blog/archives/2020/11/new-windows-zero-day.html
Related news
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- New Windows Themes zero-day gets free, unofficial patches (source)
- Windows Themes zero-day bug exposes users to NTLM credential theft (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- How a Windows zero-day was exploited in the wild for months (CVE-2024-43451) (source)
- RomCom hackers chained Firefox and Windows zero-days to deliver backdoor (source)
- RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks (source)
- Firefox and Windows zero-days exploited by Russian RomCom hackers (source)