Original article on my website, onyxcode.net
Google has now publicly released details of a zero-day exploit that hackers are reportedly actively using to hack Windows 10 and 7 PCs. Google's Project Zero gave Microsoft an ultimatum: the vulnerability needed to be fixed within 1 week. However, due to Microsoft's lack of action, Google made the details public.
This unnamed vulnerability, labeled CVE-2020-17087, can be kryptonite to PCs running Windows 10 and 7 because it allows an attacker to elevate their user access level inside Windows.
In most cases, the exploit was used in connection with another bug in Google's Chrome web browser, which allowed the attackers to escape Chrome's "sandbox" and then deploy and run malware on the host system. Fortunately, the bug involving Chrome has been fixed.
Ben Hawkes, the technical leader of Project Zero, says that Microsoft plans to release a patch on the 10th of November. Microsoft itself could not confirm this date but issued a statement saying in part: "Microsoft has a customer commitment to investigate reported security issues and update impacted devices to protect customers. While we work to meet all researchers' deadlines for disclosures, including short-term deadlines like in this scenario, developing a security update is a balance between timeliness and quality, and our ultimate goal is to help ensure maximum customer protection with minimal customer disruption."
However, the attackers' motives are still unknown. Google's threat intelligence director says the attacks were "targeted" but not related to the United States 2020 election.
The attacks were "very limited" according to a Microsoft spokesperson, and there was "no evidence to indicate widespread usage." It's yet another bug in the list of many to affect Windows this year. In January, the NSA helped find a "cryptographic bug", but there was no evidence it was ever exploited.
Yet, in June and September, the U.S. Department of Homeland Security issued alerts about critical Windows bugs whose effects included spreading via the internet and gaining elevated access to an entire Windows network.