Microsoft fixes zero-day leak in the Windows kernel environment



[ad_1]

12. November 2020 – In addition to several other vulnerabilities, Microsoft is also remedying a zero-day vulnerability with November’s patchday, which is jaw-dropping in all current versions of Windows from Windows 7 onwards.

On patch day in November, Microsoft also addressed a zero-day vulnerability with one of several security updates discovered by Google’s Project Zero in October. This is a vulnerability in the Windows kernel encryption driver, designated CVE-2020-17087, which occurs in all versions of Windows since Windows 7 and in Windows Server 2008 and later.

According to Google researchers, the already exploited vulnerability makes a device accessible in Device CNG to processes that run in user mode. Attackers can use the logon leak to run code with higher permissions and then exit the sandbox, for example.
(Where is it)

.

[ad_2]
Source link