image credit: Christiaan Colen / Flickr

Unpatched Windows Zero-Day Exploited in the Wild for Sandbox Escape

November 2, 2020

A high-severity Windows driver bug is being exploited in the wild as a zero-day. It allows local privilege escalation and sandbox escape.

The security vulnerability was disclosed by Google Project Zero just seven days after it was reported, since cybercriminals are already exploiting it, according to researchers.

The flaw (CVE-2020-17087) has to do with the way the Windows Kernel Cryptography Driver (cng.sys) processes input/output control (IOCTL) requests. An IOCTL is a system call for device-specific input/output operations and other operations that cannot be expressed by regular system calls.

Read More on Threat Post