
Unpatched Windows 0-Day Bug Is Being Actively Exploited



XMAN

A zero-day flaw was recently reported in the Microsoft Windows operating system (OS) that is allegedly being actively abused in the wild.

  • What is the vulnerability?

The bug, assigned the identifier CVE-2020-17087, is in the Windows Kernel Cryptography Driver (cng.sys), which exposes a \Device\CNG device to user-mode programs and supports various IOCTLs with nontrivial input structures. Specifically, the problem is in the cng!CfgAdtpFormatPropertyBlock function, where a 16-bit integer truncation issue could allow local exploitation, letting threat actors escalate their privileges and escape security measures such as a sandbox.


  • What are the affected versions?

This flaw is reported to affect Windows versions from Windows 7 to the updated Windows 10 1903 (64-bit) build.


  • Is the bug being exploited?

This vulnerability is indeed being actively exploited in attacks.

  • Any patch?

Google’s Project Zero team, which discovered this bug, has already reported the issue to Microsoft, which, unfortunately, is yet to release a patch to address the security hole. However, it is expected that the tech giant will probably roll out a security update for it in its next Patch Tuesday release, scheduled for 10th November 2020.
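
The bug class named above, 16-bit integer truncation of a buffer size, shown as an added example that is not code from cng.sys or from the original post. The expansion factor, function names and sample lengths are assumptions made for illustration; the flawed size calculation sits beside a checked one that rejects oversized input.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical expansion factor: each input byte needs this many output
 * bytes. Assumed for illustration, not taken from the driver. */
#define OUT_BYTES_PER_IN 4u

/* Flawed pattern: the product is stored in a 16-bit variable, so any
 * result above 0xFFFF silently wraps to a small number. */
uint16_t alloc_size_truncated(uint32_t in_len)
{
    return (uint16_t)(in_len * OUT_BYTES_PER_IN);
}

/* Hardened pattern: compute in a wide type, reject results that do not
 * fit the 16-bit field, and only then narrow. */
bool alloc_size_checked(uint32_t in_len, uint16_t *out_size)
{
    uint64_t need = (uint64_t)in_len * OUT_BYTES_PER_IN;
    if (need > UINT16_MAX)
        return false;               /* caller must fail the request */
    *out_size = (uint16_t)need;
    return true;
}

/* Bytes by which an allocation sized with the truncated value would be
 * too small for the data; 0 means the allocation is large enough. */
uint64_t shortfall(uint32_t in_len)
{
    uint64_t need = (uint64_t)in_len * OUT_BYTES_PER_IN;
    uint16_t got = alloc_size_truncated(in_len);
    return need > got ? need - got : 0;
}

int main(void)
{
    uint32_t samples[] = { 16, 16383, 16384, 20000 };  /* constructed lengths */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint16_t sz = 0;
        bool ok = alloc_size_checked(samples[i], &sz);
        printf("len=%u truncated=%u shortfall=%llu checked=%s\n",
               (unsigned)samples[i], (unsigned)alloc_size_truncated(samples[i]),
               (unsigned long long)shortfall(samples[i]),
               ok ? "accepted" : "rejected");
    }
    return 0;
}
```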
