Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

11/2/2020
01:35 PM
50%
50%

Windows Zero-Day Used with Chrome Flaw in Targeted Attacks

Google's Project Zero has disclosed a Windows kernel zero-day vulnerability being used with a known Chrome bug in targeted attacks.

Researchers with Google's Project Zero have disclosed a vulnerability in the Windows kernel being exploited in the wild with a known, patched Google Chrome flaw in targeted attacks.

Related Content:

As Businesses Go Remote, Hackers Find New Security Gaps

The Changing Face of Threat Intelligence

New on The Edge: How Can I Help Remote Workers Secure Their Home Routers?

CVE-2020-17087 exists in the Windows Kernel Cryptography Driver and "constitutes a locally accessible attack surface that can be exploited for privilege escalation (such as sandbox escape)," researchers explain in a Chromium entry. 

Source code for a proof-of-concept program was tested on an updated build of Windows 10; however, the flaw is believed to be present as early as Windows 7.

The vulnerability is being used along with CVE-2020-15999, a heap buffer overflow vulnerability that exists in Chrome's implementation of FreeType, a common font rendering library. Project Zero disclosed this flaw with a patch in late October, warning it was being exploited in the wild.

Project Zero typically discloses flaws after 90 days or when a fix is available. In this case, they disclosed seven days after notifying Microsoft because it's being exploited in the wild. The team expects a patch for CVE-2020-17087 will be issued on Nov. 10, the same day as Microsoft's monthly Patch Tuesday rollout.

In a series of tweets, Project Zero technical lead Ben Hawkes wrote a few comments defending the release: "We think there's defensive utility to sharing these details, and that opportunistic attacks using these details between now and the patch being released is reasonably unlikely." So far the bug has been used as part of an exploit chain, and the entry point has been fixed.

Shane Huntley, director of Google's Threat Analysis Group (TAG), has confirmed this is targeted exploitation and not linked to any US election-related targeting. So far, no other details about the active attacks have been released.

Read more information here and the Project Zero post for technical details.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-0532
PUBLISHED: 2021-06-21
In memory management driver, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185196177
CVE-2021-0533
PUBLISHED: 2021-06-21
In memory management driver, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185193932
CVE-2021-26461
PUBLISHED: 2021-06-21
Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
CVE-2021-0478
PUBLISHED: 2021-06-21
In updateDrawable of StatusBarIconView.java, there is a possible permission bypass due to an uncaught exception. This could lead to local escalation of privilege by running foreground services without notifying the user, with User execution privileges needed. User interaction is not needed for explo...
CVE-2021-0504
PUBLISHED: 2021-06-21
In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: ...