Security News > 2020 > November > WARNING: Google Discloses Windows Zero-Day Bug Exploited in the Wild
Google has disclosed details of a new zero-day privilege escalation flaw in the Windows operating system that's being actively exploited in the wild.
The elevation of privileges vulnerability, tracked as CVE-2020-17087, concerns a buffer overflow present since at least Windows 7 in the Windows Kernel Cryptography Driver that can be exploited for a sandbox escape.
Project Zero has shared a proof-of-concept exploit that can be used to corrupt kernel data and crash vulnerable Windows devices even under default system configurations.
What's notable is that the exploit chain requires linking CVE-2020-17087 with another Chrome browser zero-day that was fixed by Google last week.
The Chrome zero-day involves a heap buffer overflow in the Freetype font library to run malicious code in the browser, but the newly revealed Windows zero-day makes it possible for an attacker to break out of Chrome's sandbox protections and run the code on Windows - also called a sandbox escape.
News URL
Related news
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- Google: 70% of exploited flaws disclosed in 2023 were zero-days (source)
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- New Windows Themes zero-day gets free, unofficial patches (source)
- Windows Themes zero-day bug exposes users to NTLM credential theft (source)
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- How a Windows zero-day was exploited in the wild for months (CVE-2024-43451) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-11 | CVE-2020-17087 | Incorrect Calculation of Buffer Size vulnerability in Microsoft products Windows Kernel Local Elevation of Privilege Vulnerability | 7.8 |