Security News > 2020 > November > WARNING: Google Discloses Windows Zero-Day Bug Exploited in the Wild
Google has disclosed details of a new zero-day privilege escalation flaw in the Windows operating system that's being actively exploited in the wild.
The elevation of privileges vulnerability, tracked as CVE-2020-17087, concerns a buffer overflow present since at least Windows 7 in the Windows Kernel Cryptography Driver that can be exploited for a sandbox escape.
Project Zero has shared a proof-of-concept exploit that can be used to corrupt kernel data and crash vulnerable Windows devices even under default system configurations.
What's notable is that the exploit chain requires linking CVE-2020-17087 with another Chrome browser zero-day that was fixed by Google last week.
The Chrome zero-day involves a heap buffer overflow in the Freetype font library to run malicious code in the browser, but the newly revealed Windows zero-day makes it possible for an attacker to break out of Chrome's sandbox protections and run the code on Windows - also called a sandbox escape.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-11 | CVE-2020-17087 | Incorrect Calculation of Buffer Size vulnerability in Microsoft products Windows Kernel Local Elevation of Privilege Vulnerability | 0.0 |