Google reveals exploit in Windows that gives attackers administrator access


The team of security researchers at Project Zero, the division of Google dedicated to finding software vulnerabilities, warned of a vulnerability in the operating system Windows that would allow attackers to execute malicious code with additional permissions on compromised computers.

Specifically, this zero-day flaw resides in the Windows kernel cryptography driver (cng.sys), the main part of the software, and exposes the device to a “locally accessible attack that can be exploited to scale. privileges ”until you get administrator access.

According to Ben Hawkes, Technical Lead at Project Zero, the security bug (logged as CVE-2020-17087) was actively exploited along with another vulnerability (CVE-2020-15999) present in the browser of Google Chrome, although the latter has already been fixed in version 86.0.4240.111.

Known as a sandbox escape, this exploit took advantage of the two flaws to run malicious software, escape from the secure container of Chrome and subsequently accessing the operating system with privileges, which would allow cybercriminals to steal information from the affected computer.

The security issue affects all versions of Windows, from Windows 7 up to the latest version of Windows 10. It is expected that next Tuesday, November 10, Microsoft will release a security update to solve the vulnerability.


Source link by https://larepublica.pe/tecnologia/2020/11/08/google-revela-exploit-en-windows-que-da-a-atacantes-acceso-de-administrador/

*The article has been translated based on the content of Source link by https://larepublica.pe/tecnologia/2020/11/08/google-revela-exploit-en-windows-que-da-a-atacantes-acceso-de-administrador/
. If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!

*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.

*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!


These were the details of the news Google reveals exploit in Windows that gives attackers administrator access for this day. We hope that we have succeeded by giving you the full details and information. To follow all our news, you can subscribe to the alerts system or to one of our different systems to provide you with all that is new.

It is also worth noting that the original news has been published and is available at en24news and the editorial team at AlKhaleej Today has confirmed it and it has been modified, and it may have been completely transferred or quoted from it and you can read and follow this news from its main source.

PREV India eyes fintech, clean hydrogen cooperation with Saudi Arabia
NEXT Explainer: What legal grounds does the UN have to oppose Israel’s ban on UNRWA and what could it mean for Gaza?