Security News > 2020 > November > Microsoft fixes Windows zero-day disclosed by Google last month
Microsoft has fixed today a Windows kernel zero-day vulnerability exploited in the wild as part of targeted attacks and publicly disclosed by Project Zero, Google's 0day bug-hunting team, last month.
According to Project Zero researchers Mateusz Jurczyk and Sergei Glazunov who discovered it, the security flaw currently tracked as CVE-2020-17087 is a pool-based buffer overflow found in the Windows Kernel Cryptography Driver.
Project Zero provided a PoC exploit when it disclosed the bug on October 30, 2020, that can be used to crash unpatched Windows devices even for default system configurations.
The ongoing attacks exploiting this zero-day detected by Project Zero last month were not related to the U.S. election according to Google's TAG group which researches government-backed attacks targeting the company's users.
Due to the vulnerability being actively exploited in the wild, Project Zero disclosed it way before the default 90-day disclosure deadline was reached, after 7 days of being added to the Project Zero issue tracker.
News URL
Related news
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Microsoft warns of Windows 11 24H2 gaming performance issues (source)
- Microsoft blocks Windows 11 24H2 on some Intel PCs over BSOD issues (source)
- Microsoft Office 2024 now available for Windows and macOS users (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft fixes Remote Desktop issues caused by Windows Server update (source)
- Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) (source)
- Microsoft: Windows 11 22H2 Home and Pro reached end of servicing (source)
- Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server (source)
- Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-11 | CVE-2020-17087 | Incorrect Calculation of Buffer Size vulnerability in Microsoft products Windows Kernel Local Elevation of Privilege Vulnerability | 0.0 |