Security News > 2020 > November > Unpatched Windows Zero-Day Exploited in the Wild for Sandbox Escape
A high-severity Windows driver bug is being exploited in the wild as a zero-day.
The security vulnerability was disclosed by Google Project Zero just seven days after it was reported, since cybercriminals are already exploiting it, according to researchers.
"The bug resides in the cng!CfgAdtpFormatPropertyBlock function and is caused by a 16-bit integer truncation issue," the Project Zero team explained.
It worked on an up-to-date build of Windows 10 1903, but researchers said that the bug appears to affect Windows versions going back to Windows 7.
Another Project Zero team member noted that Microsoft is expected to fix the bug on its next Patch Tuesday update, on Nov. 10.
News URL
https://threatpost.com/unpatched-windows-zero-day-exploited-sandbox-escape/160828/
Related news
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Telegram fixes Windows app zero-day caused by file extension typo (source)
- Telegram fixes Windows app zero-day used to launch Python scripts (source)
- Microsoft fixes Windows zero-day exploited in QakBot malware attacks (source)