Google Discloses Targeted Exploit Found in Windows That Gave Hackers Administrator Access to System


Google has disclosed a vulnerability with Windows Kernel Cryptography Driver that is being exploited to gain access to the target system. This vulnerability works alongside a Google Chrome flaw and according to a report, has only been spotted in conjunction with the Chrome vulnerability. Google patched Chrome and other Chromium based browsers starting October 20 but Microsoft is expected to release a patch on November 10. This is a targeted exploit and not widespread, which means not all users will be affected by it.

The Windows Kernel Cryptography Driver vulnerability CVE-2020-17087 has been disclosed by Google’s Project Zero team after a seven-day disclosure deadline, as it was being used in the wild. This kind of vulnerability can be used to exploit privilege escalation. It is being used in tandem with a Google Chrome flaw (CVE-2020-15999) to gain access to a target system. Following that, the CVE-2020-17087 vulnerability can give the attacker administrator access to the target. While Google patched the flaw in Chrome on October 20, Microsoft is expected to release a patch on November 10, according to Project Zero team technical lead Ben Hawks on Twitter.

The Windows Kernel Cryptography Driver vulnerability has been found to be present ever since Windows 7 but was tested in an up-to-date Windows 10 1903 (64-bit) build. Director of Google’s Threat Analysis Group, Shane Huntley, has also confirmed that this is a targeted exploitation and is not related to US election-related targeting. Since it is targeted, not all Chrome and Windows users will be affected, as per a report by HelpNetSecurity.

The report also states that a Microsoft spokesperson shared that exploitation of the vulnerability has only been seen in tandem with the Chrome vulnerability that was patched on October 20. Other Chromium based browsers like Opera and Microsoft Edge were patched on October 21 and October 22, respectively.


Is OnePlus 8T the best ‘value flagship’ of 2020? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts, Google Podcasts, or RSS, download the episode, or just hit the play button below.

 





Source link

Latest articles

Everything changes in the blink of an eye in the Bigg Boss 14 house. And it seems that the same...

77% Voter Turnout In Bypoll To Marwahi Assembly Seat In Chhattisgarh

No untoward incident was reported in the constituency during the polling (Representational)Raipur: A high voter turnout of 77 per cent was recorded...

No Objection If Aircraft Carrier Viraat Bought By Another Firm: Centre

The vessel was towed into the shipyards of Gujarat's Alang in September (File)Mumbai: The Bombay High Court on Tuesday asked the Union...

Over 160 Lakh Tonnes Kharif Paddy Arrives In Punjab Mandis

Sangrur district is leading in terms of paddy arrival. (Representational)Chandigarh: Over 160 lakh tonnes of paddy has arrived in Punjab mandis till...
44.1k Followers
Follow

Related articles

Leave a reply

Please enter your comment!
Please enter your name here