Security News

Google researchers have made public a Windows kernel zero day vulnerability that is being exploited in the wild in tandem with a Google Chrome flaw that has been patched on October 20. CVE-2020-17087 is a vulnerability in the Windows Kernel Cryptography Driver, and "Constitutes a locally accessible attack surface that can be exploited for privilege escalation."

Microsoft is investigating a known issue leading to missing system and user certificates after updating certain managed Windows 10 systems using outdated installation media through update management tools, physical media, or ISO images. "System and user certificates might be lost when updating a device from Windows 10, version 1809 or later to a later version of Windows 10," Microsoft explains.

Google has disclosed details of a new zero-day privilege escalation flaw in the Windows operating system that's being actively exploited in the wild. The elevation of privileges vulnerability, tracked as CVE-2020-17087, concerns a buffer overflow present since at least Windows 7 in the Windows Kernel Cryptography Driver that can be exploited for a sandbox escape.

Open Shell, originally known as Classic Shell, is open-source software that allows you to replace the standard Start Menu on Windows 10 and Windows 8. With Open Shell, you can change the appearance of the Start Menu and replace with the likes of Windows 7.

Google's Project Zero bug-hunting team has disclosed a Windows kernel flaw that's being actively exploited by miscreants to gain control of computers. The web giant's bug report was privately disclosed to Microsoft on October 22, and publicly revealed just seven days later, after it detected persons unknown exploiting the programming blunder.

Google Project Zero security researchers have identified another Windows vulnerability that has been actively exploited in attacks. "The Windows Kernel Cryptography Driver exposes a DeviceCNG device to user-mode programs and supports a variety of IOCTLs with non-trivial input structures. It constitutes a locally accessible attack surface that can be exploited for privilege escalation," Jurczyk explains.

Microsoft is rolling out a new tool called 'Resources monitor' that will allow you to free up resources in Windows 10 using Xbox's Game Bar. This new resources monitor works just like the traditional Task Manager, but it sits on top of running games and allows you to kill background processes without having to leave your game.

Project Zero, Google's 0day bug-hunting team, today disclosed a zero-day elevation of privileges vulnerability found in the Windows kernel and actively exploited in targeted attacks. The Windows kernel bug zero-day can be exploited by local attackers for privilege escalation according to Project Zero security researchers Mateusz Jurczyk and Sergei Glazunov.

Upcoming changes to how Windows 10 automatically installs driver updates may cause plug-and-play to break for some devices. Windows Update is also used to deliver automatic drivers to allow hardware developers to quickly deploy fixes to Windows 10 users encountering bugs in an existing driver.

Upcoming changes to how Windows 10 automatically installs driver updates may cause plug-and-play to break for some devices. Windows Update is also used to deliver automatic drivers to allow hardware developers to quickly deploy fixes to Windows 10 users encountering bugs in an existing driver.