A huge collection of 3400+ free website templates JAR theme com WP themes and more at the biggest community-driven free web design site
Home / security-advisories / Microsoft Windows Kernel Zero-Day Vulnerability (CVE-2020-17087)

Microsoft Windows Kernel Zero-Day Vulnerability (CVE-2020-17087)

Advisory No: TZCERT/SA/2020/11/11

Date of First Release: 11th November 2020


Software Affected: Windows Operating System


Google has disclosed zero-day vulnerability in Microsoft Windows Kernel that is being exploited alongside with Google Chrome flaw (CVE-2020-15999).


This vulnerability is caused by the buffer overflow in the Windows Kernel Cryptography Driver (cng.sys) whereby the flaw exists in the cng!CfgAdtpFormatPropertyBlock function as a result of a 16-bit integer truncation.

Both Chrome vulnerability (CVE-2020-15999) and Window Kernel (CVE-2020-17087) could allow an attacker to break out Google Chrome’s sandbox successfully for privilege escalation.


Successful exploitation of the vulnerability could allow an adversary to execute codes on the affected system.


Microsoft has not yet released any patch for this issue; however, exploitation of the flaw has only been spotted in conjuction with Chrome vulnerability. Users and administrators are recommended to upgrade Chrome to available stable version of Windows.

CVEFixed Version


  1. https://www.tenable.com/blog/cve-2020-15999-cve-2020-17087-google-chrome-microsoft-windows-kernel-zero-day-vulnerabilities-exploited-in-wild-along-with-cve-2020-16009
  1. https://community.norton.com/en/forums/windows-zero-day-cve-2020-17087-be-patched-10-nov-2020-actively-exploited-and-using-unpatched

Check Also

High severity vulnerabilities in HPE ProLiant and HPE Edgeline Servers Using BIOS (PixieFail) (CVE-2023-45229, CVE-2023-45230, CVE-2023-45234, CVE-2023-45235, CVE-2021-38575)

Advisory No: TZCERT/SA/2024/05/31-2 Date of First Release: 31st May 2024 Source: Hewlett-Packard (HP) Software Affected: …