
Microsoft Windows Kernel Zero-Day Vulnerability (CVE-2020-17087)

Advisory No: TZCERT/SA/2020/11/11

Date of First Release: 11th November 2020

Source: MICROSOFT

Software Affected: Windows Operating System

Overview:

Google has disclosed a zero-day vulnerability in the Microsoft Windows Kernel that is being exploited alongside a Google Chrome flaw (CVE-2020-15999).

Description:

This vulnerability is caused by a buffer overflow in the Windows Kernel Cryptography Driver (cng.sys). The flaw exists in the cng!CfgAdtpFormatPropertyBlock function and results from a 16-bit integer truncation.
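The bug class named above, a size narrowed to 16 bits before allocation, is shown here next to a checked form. This is an added example and not code from cng.sys or from the original advisory; the function names, the expansion factor of 6 output bytes per input byte, and the sample lengths are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption for illustration: each input byte expands to 6 output bytes. */
#define OUT_BYTES_PER_IN_BYTE 6u

/* Flawed pattern: the required size is narrowed to 16 bits, so any
 * result above 65535 silently wraps to a much smaller value. */
uint16_t truncated_size(uint32_t src_len) {
    return (uint16_t)(OUT_BYTES_PER_IN_BYTE * src_len);
}

/* Hardened pattern: compute in a wide type and reject sizes that do
 * not fit the 16-bit field. Returns 0 on success, -1 on rejection. */
int checked_size(uint32_t src_len, uint16_t *out) {
    uint64_t need = (uint64_t)OUT_BYTES_PER_IN_BYTE * src_len;
    if (need > UINT16_MAX)
        return -1;
    *out = (uint16_t)need;
    return 0;
}

/* Gap between what a formatter would write and what a buffer sized
 * with truncated_size() could hold. Non-zero means an overflow. */
uint64_t shortfall(uint32_t src_len) {
    uint64_t need = (uint64_t)OUT_BYTES_PER_IN_BYTE * src_len;
    return need - truncated_size(src_len);
}

int main(void) {
    /* Constructed sample input lengths. */
    uint32_t lens[] = { 16, 10922, 20000 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        uint16_t ok_size = 0;
        int rc = checked_size(lens[i], &ok_size);
        printf("len=%u truncated=%u shortfall=%llu checked=%s\n",
               (unsigned)lens[i], (unsigned)truncated_size(lens[i]),
               (unsigned long long)shortfall(lens[i]),
               rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```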

Both the Chrome vulnerability (CVE-2020-15999) and the Windows Kernel vulnerability (CVE-2020-17087) could allow an attacker to break out of Google Chrome’s sandbox successfully for privilege escalation.

Impact:

Successful exploitation of the vulnerability could allow an adversary to execute code on the affected system.

Solution:

Microsoft has not yet released any patch for this issue; however, exploitation of the flaw has only been spotted in conjunction with the Chrome vulnerability. Users and administrators are recommended to upgrade Chrome to the available stable version for Windows.

| CVE | Fixed Version |
| --- | --- |
| CVE-2020-15999 | 86.0.4240.111 |

References:

  1. https://www.tenable.com/blog/cve-2020-15999-cve-2020-17087-google-chrome-microsoft-windows-kernel-zero-day-vulnerabilities-exploited-in-wild-along-with-cve-2020-16009
  2. https://community.norton.com/en/forums/windows-zero-day-cve-2020-17087-be-patched-10-nov-2020-actively-exploited-and-using-unpatched
