Microsoft Windows Kernel Zero-Day Vulnerability (CVE-2020-17087)

Advisory No: TZCERT/SA/2020/11/11

Date of First Release: 11^th November 2020

Source: MICROSOFT

Software Affected: Windows Operating System

Overview:

Google has disclosed zero-day vulnerability in Microsoft Windows Kernel that is being exploited alongside with Google Chrome flaw (CVE-2020-15999).

Description:

This vulnerability is caused by the buffer overflow in the Windows Kernel Cryptography Driver (cng.sys) whereby the flaw exists in the cng!CfgAdtpFormatPropertyBlock function as a result of a 16-bit integer truncation.

Both Chrome vulnerability (CVE-2020-15999) and Window Kernel (CVE-2020-17087) could allow an attacker to break out Google Chrome’s sandbox successfully for privilege escalation.

Impact:

Successful exploitation of the vulnerability could allow an adversary to execute codes on the affected system.

Solution:

Microsoft has not yet released any patch for this issue; however, exploitation of the flaw has only been spotted in conjuction with Chrome vulnerability. Users and administrators are recommended to upgrade Chrome to available stable version of Windows.

CVE	Fixed Version
CVE-2020-15999	86.0.4240.111

References:

1. https://www.tenable.com/blog/cve-2020-15999-cve-2020-17087-google-chrome-microsoft-windows-kernel-zero-day-vulnerabilities-exploited-in-wild-along-with-cve-2020-16009

2. https://community.norton.com/en/forums/windows-zero-day-cve-2020-17087-be-patched-10-nov-2020-actively-exploited-and-using-unpatched