Google Project Zero has disclosed a Windows kernel zero-day, CVE-2020-17087. An attacker with local access can exploit it to escalate privileges and escape a sandbox, and it is already being used in targeted attacks.
The vulnerability is in the Windows Kernel Cryptography Driver (cng.sys), specifically in the function cng!CfgAdtpFormatPropertyBlock, and is a buffer overflow, more precisely a pool-based buffer overflow (a heap overflow in kernel pool memory). cng.sys exposes a device to user-mode programs and services a set of IOCTLs with non-trivial input structures, which is what makes the bug reachable from a low-privileged, sandboxed process and therefore usable as a sandbox escape.
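To make the bug class concrete, here is an added illustration of a pool-based buffer overflow in an IOCTL handler, written for this page; it is not the cng.sys code and the request layout, the 64 KiB bound and the function names are all assumptions. It models one common cause of this class, an allocation size computed in a narrower integer type than the later copy length, beside the hardened form that does the arithmetic in 64 bits and rejects oversized requests:

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical upper bound a driver would place on one property block.
   Assumed for this example; not a value from the real driver. */
#define MAX_BLOCK_LEN (64u * 1024u)

/* Vulnerable pattern: the pool allocation size is computed through a
   16-bit temporary, so a caller-controlled count * entry_len that
   exceeds 0xFFFF wraps to a small allocation. The copy loop that
   follows in a real handler would use the full 32-bit product. */
size_t vulnerable_alloc_len(uint32_t count, uint32_t entry_len)
{
    uint16_t size16 = (uint16_t)(count * entry_len);   /* truncation */
    return (size_t)size16;
}

/* Number of bytes the handler goes on to write regardless of the
   allocation it obtained. */
size_t intended_write_len(uint32_t count, uint32_t entry_len)
{
    return (size_t)count * (size_t)entry_len;
}

/* Returns 1 when the vulnerable path would write past its pool buffer. */
int vulnerable_overflows(uint32_t count, uint32_t entry_len)
{
    return intended_write_len(count, entry_len) >
           vulnerable_alloc_len(count, entry_len);
}

/* Hardened pattern: widen to 64 bits before multiplying, check the
   product against an explicit bound, and reject anything that does not
   fit. Returns 1 and stores the allocation size on success, 0 on
   rejection (a real driver would return STATUS_INVALID_PARAMETER). */
int hardened_accepts(uint32_t count, uint32_t entry_len, size_t *alloc_len)
{
    uint64_t total = (uint64_t)count * (uint64_t)entry_len;
    if (count == 0 || entry_len == 0 || total > MAX_BLOCK_LEN)
        return 0;
    *alloc_len = (size_t)total;
    return 1;
}

int main(void)
{
    /* Constructed inputs: a benign request and a crafted one whose
       product (0x1001 * 0x10 = 0x10010) wraps to 0x10 in 16 bits. */
    uint32_t benign_count = 4,      benign_len = 16;
    uint32_t crafted_count = 0x1001, crafted_len = 0x10;
    size_t alloc = 0;

    printf("benign : alloc=%zu write=%zu overflow=%d\n",
           vulnerable_alloc_len(benign_count, benign_len),
           intended_write_len(benign_count, benign_len),
           vulnerable_overflows(benign_count, benign_len));
    printf("crafted: alloc=%zu write=%zu overflow=%d\n",
           vulnerable_alloc_len(crafted_count, crafted_len),
           intended_write_len(crafted_count, crafted_len),
           vulnerable_overflows(crafted_count, crafted_len));
    printf("hardened accepts benign : %d (alloc=%zu)\n",
           hardened_accepts(benign_count, benign_len, &alloc), alloc);
    printf("hardened accepts crafted: %d\n",
           hardened_accepts(crafted_count, crafted_len, &alloc));
    return 0;
}
```

The crafted request gets a 16-byte pool allocation in the vulnerable path while the handler intends to write 65,552 bytes; the hardened path refuses it outright. When reviewing a kernel driver's IOCTL handlers, the check to look for is exactly this: every size derived from caller-controlled fields must be computed without truncation or wraparound and compared against a bound before the pool allocation is made.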
The researchers published not only a report on the vulnerability but also a proof-of-concept exploit, which crashes vulnerable Windows systems even when they are running with default settings.
The PoC was tested on an up-to-date build of Windows 10 1903, but the researchers write that the vulnerability is present in other versions of the OS as well, going back at least to Windows 7.
Although the vulnerability was found only 8 days ago, the experts decided to disclose the details quickly because attackers are already using it; Project Zero applies a seven-day disclosure deadline to bugs that are being exploited in the wild. The researchers have not yet disclosed details about these attacks, but according to the head of Google Project Zero, Ben Hawkes, the exploitation of CVE-2020-17087 has nothing to do with the US presidential election.
There is no patch for the vulnerability yet, and Hawkes reports on Twitter that a fix is expected only on the next Patch Tuesday, November 10, 2020.
Currently we expect a patch for this issue to be available on November 10. We have confirmed with the Director of Google's Threat Analysis Group, Shane Huntley (@ShaneHuntley), that this is targeted exploitation and this is not related to any US election related targeting.
– Ben Hawkes (@benhawkes) October 30, 2020