Google's Project Zero has disclosed a Windows kernel zero-day vulnerability being used with a known Chrome bug in targeted attacks.

Dark Reading Staff, Dark Reading

November 3, 2020

2 Min Read

Researchers with Google's Project Zero have disclosed a vulnerability in the Windows kernel being exploited in the wild with a known, patched Google Chrome flaw in targeted attacks.

CVE-2020-17087 exists in the Windows Kernel Cryptography Driver and "constitutes a locally accessible attack surface that can be exploited for privilege escalation (such as sandbox escape)," researchers explain in a Chromium entry. 

Source code for a proof-of-concept program was tested on an updated build of Windows 10; however, the flaw is believed to be present as early as Windows 7.

The vulnerability is being used along with CVE-2020-15999, a heap buffer overflow vulnerability that exists in Chrome's implementation of FreeType, a common font rendering library. Project Zero disclosed this flaw with a patch in late October, warning it was being exploited in the wild.

Project Zero typically discloses flaws after 90 days or when a fix is available. In this case, they disclosed seven days after notifying Microsoft because it's being exploited in the wild. The team expects a patch for CVE-2020-17087 will be issued on Nov. 10, the same day as Microsoft's monthly Patch Tuesday rollout.

In a series of tweets, Project Zero technical lead Ben Hawkes wrote a few comments defending the release: "We think there's defensive utility to sharing these details, and that opportunistic attacks using these details between now and the patch being released is reasonably unlikely." So far the bug has been used as part of an exploit chain, and the entry point has been fixed.

Shane Huntley, director of Google's Threat Analysis Group (TAG), has confirmed this is targeted exploitation and not linked to any US election-related targeting. So far, no other details about the active attacks have been released.

Read more information here and the Project Zero post for technical details.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights