Google has published zero day of the Windows kernel

Google security researchers revealed today a zero-day vulnerability in the Windows operating system already used on the internet.

The zero-day is expected to be fixed on November 10, the date of Microsoft's next Patch Tuesday, according to Ben Hawkes, head of Project Zero, Google's elite research team.

On Twitter, Hawkes said that Windows zero-day (listed as CVE-2020-17087) has already been used as part of a two-point attack, along with another Chrome zero-day (listed as CVE-2020 -15999) that his team revealed last week.

Chrome zero-day was used to allow intruders to run malicious code inside Chrome, while Windows zero-day was the second part of this attack, allowing attackers to escape from the secure Chrome container and run code in victim operating system.

  Windows 10 1803, 1809 and 1909 support end

The Google Project Zero team informed Microsoft last week and gave the company seven days to correct the error. Vulnerability details were released today, as Microsoft did not release any update at the scheduled time.

According to Google, zero-day is a bug in the Windows kernel that can be exploited to elevate an attacker.

The vulnerability is reported to affect all versions of Windows from Windows 7 to the latest version of Windows 10.

Hawkes did not provide details on who exploited these two vulnerabilities, but usually most zero-days are discovered by state-funded hacking groups or large cybercriminals.

According to Google, the attacks were confirmed by a second security team of the company, the Threat Analysis Group of Google (Threat Analysis Group or simply TAG).

Shane Huntley, director of Google TAG, said the attacks did not appear to be related to the US election.

  Neural Mechanical Translation to Improve Google Translate

Chrome zero-day has been fixed with version 86.0.4240.111 of the Google browser.

Registration in iGuRu.gr via email

Your email for sending each new post

Follow us on Google News iGuRu.gr at Google news

Leave a reply

Your email address Will not be published.

72 +    = 78

Previous Story

Microsoft warns again of Windows Zerologon attacks

Next Story

hackerEnv: Vulnerability and exploit scanner