Google Project Zero has discovered a 0-day vulnerability in the Windows kernel (CVE-2020-17087). It has been reported that this bug could be exploited by an attacker with local access to escalate privileges and escape the sandbox. What is worse, it is already being used in targeted attacks.
The vulnerability lies in the Windows Kernel Cryptography Driver (cng.sys), specifically in the cng!CfgAdtpFormatPropertyBlock function, and is a buffer overflow of the pool-based kind (a kernel pool buffer overflow).
The researchers have published not only a written report on the vulnerability, but also a PoC exploit for it, which crashes vulnerable Windows systems even when they are running with default settings.
The PoC exploit was tested on the latest version of Windows 10 1903, but the researchers write that the vulnerability is present in other versions of the OS as well, going back at least to Windows 7.
Although the vulnerability was found only 8 days ago, the experts decided to disclose the details of the problem quickly, since attackers are already using it. The researchers have not disclosed details about these attacks, but according to the head of Google Project Zero, Ben Hawkes, the exploitation of CVE-2020-17087 has nothing to do with the US presidential election.
There is no patch for the vulnerability yet, and Hawkes reports that the fix is expected to be released only on the next “Patch Tuesday”, that is, November 10, 2020.
Recall that Google Project Zero specialists recently discovered and described many vulnerabilities in Apple’s operating systems.