Recently, Google's 0day bug-hunting team discovered a zero-day (0-day) elevation of privilege (EoP) vulnerability in the Windows kernel that is being actively exploited in targeted attacks.

The vulnerability stems from a pool-based buffer overflow that exists in the Cryptography Driver (cng.sys) and is listed under CVE-2020-17087.

As mentioned below, this vulnerability has also been used for sandbox escape where it connect

Windows kernel bug zero-day

Google's Project Zero technical leader has described how an attacker can use the vulnerability for privilege escalation, in conjunction with security vulnerabilities that reside in Google Chrome. A group of attackers can take advantage of the vulnerability to infect a victim's system with malware.

As a result, Google has issued an emergency security update for the Chrome browser to fix the vulnerability related to the sandbox escape. Google took this action to ensure the vulnerability is patched, and has urged the developer to patch it as quickly as possible.

Source: Windows kernel zero-day vulnerability used in targeted attacks

By Wan Ariff

He brings with him working experience in the Information Security field, specializing in Penetration Testing and Digital Forensics. His passion is IT Security.
