Microsoft and Google confirm new vulnerability on Windows 10

Microsoft has made it official that its Windows 7 and Windows 10 operating systems are being exploited by hackers through a zero-day vulnerability that was brought to its note by security researchers related to Google’s Project Zero Team.

The Project Zero Team of Alphabet Inc’s subsidiary consists of hunters who are always busy tracking down security bugs also called vulnerabilities. So, the latest alert issued by them is to the technology giant Microsoft that strictly has a deadline of 7 days to fix the patch.

CVE-2020-17087 is the zero-day vulnerability of Microsoft discovered by the security hunters of Google and the bug is reported to be existing within the Windows Kernel Cryptography Driver known as cng.sys giving the attacker a privilege to use the memory buffer overflow problem to take admin-level control and target Windows Computers.

In a tweet posted by Ben Hawkes, the Project Zero technical lead, it was revealed, that the bug was existing alongside another previously identified bug in Chrome that allowed hackers to run malware on the operating system. And Mr. Hawkes assured that the bug will be fixed by November 10 of this year similar to the chrome bug that was already patched on October 22, 2020.

Shane Huntley, the Cyber Threat Director of Google, confirmed that the newly identified CVE was in no way related to US election information or to spread disinformation and added that it was just a targeted attack like any other day.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display