Google Discloses Windows Zero-Day Vulnerability Being Exploited in the Wild


Google Project Zero disclosed details of a zero-day vulnerability, CVE-2020-17087, in the Windows operating system that is currently being exploited in the wild. A vulnerability management tool discovered this.

Nov 2, 2020 | By Ashish Bisht | 2 min read


Earlier, Google had released a patch addressing a zero-day vulnerability (CVE-2020-15999) found in the Chrome web browser. The vulnerability allowed a remote attacker to exploit heap corruption via a crafted HTML page. However, an auto-patching solution can help stop this vulnerability.

The newly disclosed Windows zero-day vulnerability (CVE-2020-17087), when used with the Chrome zero-day vulnerability (CVE-2020-15999), allows an attacker to escape the Chrome sandbox and run code directly on Windows.

CVE-2020-17087 details

The vulnerability resides in the Windows Kernel Cryptography Driver (cng.sys) and causes a buffer overflow that can be exploited to gain elevated privileges. The driver exposes a \Device\CNG device to user-mode programs and supports a variety of IOCTLs (input/output control requests used to communicate with a device) with non-trivial input structures. It constitutes a locally accessible attack surface that can be exploited for privilege escalation.

Impact

Google has already issued patches for the Chrome zero-day vulnerability. Users who have applied Chrome's patch are considered not affected by the remote execution, though execution is still possible locally.

Affected versions of Windows

The bug is expected to affect Windows 7 through Windows 10.

Solution

SanerNow offers detection and remediation for CVE-2020-15999. It can also detect the Windows OS versions affected by CVE-2020-17087. A patch for CVE-2020-17087 is currently unavailable from Microsoft.

According to a tweet by Ben Hawkes, the patch for CVE-2020-17087 is expected to be released on November 10 (Patch Tuesday).
