Google’s Project Zero discloses Windows 0day that’s been under active exploit

Google’s Project Zero says that hackers have been actively exploiting a Windows zero-day that isn’t likely to be patched until almost two weeks from now.

In keeping with long-standing policy, Google’s vulnerability research group gave Microsoft a seven-day deadline to fix the security flaw because it’s under active exploit. Normally, Project Zero discloses vulnerabilities after 90 days or when a patch becomes available, whichever comes first.

CVE-2020-117087, as the vulnerability is tracked, allows attackers to escalate system privileges. Attackers were combining an exploit for it with a separate one targeting a recently fixed flaw in Chrome. The former allowed the latter to escape a security sandbox so the latter could execute code on vulnerable machines.

Source : https://arstechnica.com/?p=1718587