Google, through Project Zero, has revealed details of a new Zero Day privilege escalation flaw. This issue is currently exploited on Windows.
Vulnerability Elevation of Privilege (EoP), tracked as CVE-2020-17087. Refers to a buffer overflow that has been present since at least Windows 7. In the Windows kernel encryption driver (“cng.sys”) which can be exploited to escape the sandbox.
Google reveals Windows vulnerability that is exploited
“The problem lies in the cng! CfgAdtpFormatPropertyBlock and it’s happening because of a 16-bit integer truncation issue, ”Google Project Zero researchers Mateusz Jurczyk and Sergei Glazunov said in their white paper.
The security team released the details after a seven-day disclosure delay. Due to proof that it is under active exploitation.
Project Zero shared a proof of concept (PoC) feat. This can be used to corrupt kernel data and block vulnerable Windows devices. Even in the default system settings.
What’s remarkable is that the exploit chain requires a CVE-2020-17087 link to another Chrome Zero Day browser (CVE-2020-15999). Google corrected this error a week ago.
Chrome’s Zero involves a buffer overflow in the Freetype font library. To run malicious code in the browser, but a Windows issue allows an attacker to break out of Chrome’s sandbox protections. Running code on Windows, also known as sandbox escaping.
Noting that the operation “is not related to any US election goal,” Project Zero’s Ben Hawkes said Microsoft is expected to release a fix for the problem on November 10.
“We believe there is a defensive utility to share these details, and that opportunistic attacks using these details from here and the patch released are reasonably unlikely (so far it has been used as part of a chain exploits, and the entry point attack is fixed), ”he said.
“The short term for exploitation in the wild also tries to encourage out-of-band patches or other mitigation measures that are urgently developed / shared. These improvements you expect to see over a long period of time, ”added Hawkes.