Security News > 2020 > November > Microsoft Patches Windows Vulnerability Chained in Attacks With Chrome Bug

Microsoft's Patch Tuesday updates for November 2020 address more than 110 vulnerabilities, including a Windows flaw that was recently disclosed by Google after it was observed being exploited in attacks.
The actively exploited Windows vulnerability is tracked as CVE-2020-17087 and it has been described as a local privilege escalation issue related to the Windows Kernel Cryptography Driver.
Google Project Zero disclosed details of the flaw in late October, several days after its researchers discovered the vulnerability being exploited in attacks alongside a Chrome flaw.
The Windows and Chrome vulnerabilities can be chained to break out of the Chrome sandbox and execute malicious code on the targeted system.
The new advisories don't include the section describing the vulnerability and how it can be exploited and instead aims to provide the information through the Common Vulnerability Scoring System.
News URL
Related news
- Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks (source)
- Microsoft has finally fixed Date & Time bug in Windows 11 (source)
- Microsoft shares workaround for Windows security update issues (source)
- Windows 10 KB5051974 update force installs new Microsoft Outlook app (source)
- Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks (source)
- Microsoft fixes bug causing Windows Server 2025 boot errors (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Microsoft to remove the Location History feature in Windows (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-11 | CVE-2020-17087 | Incorrect Calculation of Buffer Size vulnerability in Microsoft products Windows Kernel Local Elevation of Privilege Vulnerability | 0.0 |