New Delhi, October 31
A team of Google security researchers has revealed a zero-day vulnerability in the Microsoft Windows operating system that is currently being exploited.
According to Ben Hawkes, technical manager of the Google Zero project, the zero-day vulnerability is expected to be fixed on November 10.
“In addition to last week’s Chrome / freetype 0day (CVE-2020-15999), Project Zero also detected and reported Windows kernel bug (CVE-2020-17087) which was used for a sandbox breakout,” a Hawkes said in a tweet on Friday.
“Currently, we expect a fix for this issue will be available on November 10,” he added.
November 10 is also the date for Microsoft’s next security patch.
“We have confirmed with Google Threat Analysis Group Director Shane Huntley that this is targeted exploitation and is unrelated to any US election-related targeting,” Hawkes informed .
The Google Project Zero team informed Microsoft last week and gave the company seven days to fix the bug, ZDNet reports.
The zero-day bug in the Windows kernel can be exploited to elevate an attacker’s code with additional permissions.
The vulnerability affects all versions of Windows between Windows 7 and the latest version of Windows 10.
Microsoft had yet to comment on the new zero day bug.
In March of last year, Google said threat actors also combined a zero-day Chrome with a Windows zero-day vulnerability.
Google also made public details of a mid-level security flaw in the Microsoft Edge browser in 2018. The vulnerability was first discovered in November 2017 by the search giant’s Project Zero. IANS