The Project Zero team revealed its affiliate لشركة Google, which is known for discovering security threats about a security vulnerability in the Windows system, affects versions of (Windows 7), and even version 1903 of the system (Windows 10).
Google said at Charter: It has evidence of active exploits of an exposed vulnerability, which allows attackers to execute code with advanced permissions.
The interesting thing is that the vulnerability that is being tracked using the naming (CVE-2020-17087), along with another vulnerability is actively exploited in the Chrome browser. Project Zero discovered and reported an actively exploited 0day in freetype that was being used to target Chrome. A stable release that fixes this issue (CVE-2020-15999) is available here: https://t.co/ZRQe72Qfkh
CVE-2020-15999 reported last week, leading to what is known as escaping from sandboxing, in which the cyber criminal takes advantage of these two vulnerabilities to execute code on a hacked target by escaping from the browser’s safe environment, according to what Explained (Catalin Simpano) from the (ZDNet) technical site.
Project Zero discovered and reported an actively exploited 0day in freetype that was being used to target Chrome. A stable release that fixes this issue (CVE-2020-15999) is available here: https://t.co/ZRQe72Qfkh— Ben Hawkes (@benhawkes) October 20, 2020
The disclosure post also adds that Microsoft will fix this vulnerability with an upcoming Tuesday patch on November 10. However, fixes for Windows 7 releases will only make it for users who have subscribed to Extended Security Updates (ESU); Therefore, not all users will be able to fix the problem in their Windows 7 systems. Because the vulnerability is actively exploited, the search giant team offered Microsoft seven days to correct the bug before publicly disclosing it today.
Google has already patched the vulnerability in Chrome by releasing the stable version (86.0.4240.1111) of the browser. As for the Windows vulnerability, the vulnerability lies in the Windows Kernel Encryption Driver (cng.sys), which the Project Zero team explains in detail in the post. The company has also attached a proof of concept code to show how the exploit might disrupt the system.
In addition, (Shane Huntley) – the director of the Google Threat Analysis Group, emphasized that the vulnerability was not related to any government-sponsored attack on the upcoming US elections.
These were the details of the news Google reveals a vulnerability in Windows and it is now exploited for this day. We hope that we have succeeded by giving you the full details and information. To follow all our news, you can subscribe to the alerts system or to one of our different systems to provide you with all that is new.
It is also worth noting that the original news has been published and is available at saudi24news and the editorial team at AlKhaleej Today has confirmed it and it has been modified, and it may have been completely transferred or quoted from it and you can read and follow this news from its main source.