Security News > 2020 > November > Unpatched Windows Zero-Day Exploited in the Wild for Sandbox Escape
A high-severity Windows driver bug is being exploited in the wild as a zero-day.
The security vulnerability was disclosed by Google Project Zero just seven days after it was reported, since cybercriminals are already exploiting it, according to researchers.
"The bug resides in the cng!CfgAdtpFormatPropertyBlock function and is caused by a 16-bit integer truncation issue," the Project Zero team explained.
It worked on an up-to-date build of Windows 10 1903, but researchers said that the bug appears to affect Windows versions going back to Windows 7.
Another Project Zero team member noted that Microsoft is expected to fix the bug on its next Patch Tuesday update, on Nov. 10.
News URL
https://threatpost.com/unpatched-windows-zero-day-exploited-sandbox-escape/160828/
Related news
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- New Windows Themes zero-day gets free, unofficial patches (source)
- Windows Themes zero-day bug exposes users to NTLM credential theft (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- How a Windows zero-day was exploited in the wild for months (CVE-2024-43451) (source)