Security News > 2020 > November > Microsoft fixes Windows zero-day disclosed by Google last month
Microsoft has fixed today a Windows kernel zero-day vulnerability exploited in the wild as part of targeted attacks and publicly disclosed by Project Zero, Google's 0day bug-hunting team, last month.
According to Project Zero researchers Mateusz Jurczyk and Sergei Glazunov who discovered it, the security flaw currently tracked as CVE-2020-17087 is a pool-based buffer overflow found in the Windows Kernel Cryptography Driver.
Project Zero provided a PoC exploit when it disclosed the bug on October 30, 2020, that can be used to crash unpatched Windows devices even for default system configurations.
The ongoing attacks exploiting this zero-day detected by Project Zero last month were not related to the U.S. election according to Google's TAG group which researches government-backed attacks targeting the company's users.
Due to the vulnerability being actively exploited in the wild, Project Zero disclosed it way before the default 90-day disclosure deadline was reached, after 7 days of being added to the Project Zero issue tracker.
News URL
Related news
- Microsoft fixes Windows Smart App Control zero-day exploited since 2018 (source)
- Microsoft to start force-upgrading Windows 22H2 systems next month (source)
- Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws (source)
- Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes (source)
- Microsoft fixes Windows Server performance issues from August updates (source)
- Patch Tuesday for September 2024: Microsoft Catches Four Zero-Day Vulnerabilities (source)
- Microsoft says it broke some Windows 10 patching – as it fixes flaws under attack (source)
- Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows Flaws (source)
- Windows vulnerability abused braille “spaces” in zero-day attacks (source)
- Microsoft rolls out Office LTSC 2024 for Windows and Mac (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-11 | CVE-2020-17087 | Incorrect Calculation of Buffer Size vulnerability in Microsoft products Windows Kernel Local Elevation of Privilege Vulnerability | 7.8 |