Microsoft Patches Windows Vulnerability Chained in Attacks With Chrome Bug
Microsoft's Patch Tuesday updates for November 2020 address more than 110 vulnerabilities, including a Windows flaw that was recently disclosed by Google after it was observed being exploited in attacks.
The actively exploited Windows vulnerability is tracked as CVE-2020-17087 and it has been described as a local privilege escalation issue related to the Windows Kernel Cryptography Driver.
Google Project Zero disclosed details of the flaw in late October, several days after its researchers discovered the vulnerability being exploited in attacks alongside a Chrome flaw.
The Windows and Chrome vulnerabilities can be chained to break out of the Chrome sandbox and execute malicious code on the targeted system.
The new advisories don't include the section describing the vulnerability and how it can be exploited, and instead aim to provide the information through the Common Vulnerability Scoring System.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-11 | CVE-2020-17087 | Incorrect Calculation of Buffer Size vulnerability in Microsoft products Windows Kernel Local Elevation of Privilege Vulnerability | 7.8 |