Security News > 2020 > November > Microsoft Patches Windows Vulnerability Chained in Attacks With Chrome Bug

Microsoft's Patch Tuesday updates for November 2020 address more than 110 vulnerabilities, including a Windows flaw that was recently disclosed by Google after it was observed being exploited in attacks.

The actively exploited Windows vulnerability is tracked as CVE-2020-17087 and it has been described as a local privilege escalation issue related to the Windows Kernel Cryptography Driver.

Google Project Zero disclosed details of the flaw in late October, several days after its researchers discovered the vulnerability being exploited in attacks alongside a Chrome flaw.

The Windows and Chrome vulnerabilities can be chained to break out of the Chrome sandbox and execute malicious code on the targeted system.

The new advisories don't include the section describing the vulnerability and how it can be exploited and instead aims to provide the information through the Common Vulnerability Scoring System.

News URL

http://feedproxy.google.com/~r/Securityweek/~3/4n-TewIdROU/microsoft-patches-windows-vulnerability-chained-attacks-chrome-bug