Google Discloses Windows Zero-Day Vulnerability Being Exploited in the Wild

Google Project Zero has disclosed details of a zero-day vulnerability in the Windows operating system, CVE-2020-17087, that is currently being exploited in the wild.

Earlier, Google had released a patch addressing a zero-day vulnerability (CVE-2020-15999) found in the Chrome web browser. The vulnerability allowed a remote attacker to exploit heap corruption by crafting an HTML page.

The newly disclosed Windows zero-day vulnerability (CVE-2020-17087), when used with the Chrome zero-day vulnerability (CVE-2020-15999), allows an attacker to escape the Chrome sandbox and run code directly on Windows.

CVE-2020-17087 details

The vulnerability is a buffer overflow in the Windows Kernel Cryptography Driver (cng.sys) that can be exploited to gain elevated privileges. The driver exposes a \Device\CNG device to user-mode programs and supports a variety of IOCTLs (input/output control requests used to communicate with a device) with non-trivial input structures. It therefore constitutes a locally accessible attack surface that can be exploited for privilege escalation.

Impact

Google has already issued patches for the Chrome zero-day vulnerability. Users who have applied Chrome's patch are not considered affected by the remote execution, though execution is still possible locally.

Affected Windows versions

The bug is expected to affect Windows 7 through Windows 10.

Solution

SanerNow offers detection and remediation for CVE-2020-15999. It can also detect Windows systems affected by CVE-2020-17087. A patch for CVE-2020-17087 is currently unavailable from Microsoft.

According to the tweet by Ben Hawkes, the patch for CVE-2020-17087 is expected to be released on November 10 (Patch Tuesday).

 
