Discovered on October 22, a 0-day Windows 10 flaw has not yet been fixed. Even though the flaw is currently being exploited, it will not be corrected until November 10, 2020, when Microsoft deploys its traditional Patch Tuesday.
Project Zero, a team of cybersecurity specialists put together by Google, recently highlighted a 0-day flaw concerning Windows 10. The vulnerability is tracked as CVE-2020-17087 and causes a buffer overflow in the Windows kernel.
So far, nothing unusual: the Microsoft operating system is regularly affected by vulnerabilities of all kinds. But Microsoft was slow to fix it, source code for the flaw was released, and hackers are already at work to take advantage of it.
Microsoft is slow to fix Windows 10 flaw CVE-2020-17087
According to the Google team, a bug in the cng!CfgAdtpFormatPropertyBlock function of the Windows Kernel Cryptography driver (cng.sys) can cause a 16-bit integer truncation problem. Tracked as CVE-2020-17087, this bug was revealed on October 22 but has still not been corrected by Microsoft. By exploiting the flaw, an attacker can crash the machine, which is annoying but does not in itself cause a security problem. However, the attacker can also elevate privileges, which is much more problematic because it provides the means to take control of the PC.
According to Google, it seems that hackers were already exploiting this security flaw before its discovery by the Project Zero team. Google therefore granted Microsoft 7 days to address the vulnerability, after which Project Zero published its source code. This is not the first time that Google has given Microsoft a very short deadline to patch its operating system. In 2018, a vulnerability revealed in Windows 10 S had even forced the Redmond publisher to rush out a patch on its site.
The situation is therefore urgent. Note, however, that the vulnerability can only be exploited locally and not remotely, which strongly limits its scope. On the other hand, while the source code has been tested successfully on Windows 10 version 1903, according to the Project Zero team this flaw could also affect Windows 7 and Windows 8.1. At present, there is no way to close this security hole. Also according to Project Zero, Microsoft is working on a fix, but it will not be released until the next Patch Tuesday, which is scheduled for November 10.
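The bug class named above, a length silently truncated to 16 bits before it sizes a buffer, is shown here as an added C example; it is not code from Microsoft, Project Zero or cng.sys. The function names and the expansion factor of 3 output bytes per input byte are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical expansion factor: two hex digits plus a space per input byte. */
#define OUT_PER_IN 3u

/* Unsafe pattern: the product is silently truncated to 16 bits. */
uint16_t truncated_len(size_t in_len) {
    return (uint16_t)(in_len * OUT_PER_IN);
}

/* Hardened pattern: reject any input whose output size does not fit in 16 bits. */
bool checked_len(size_t in_len, uint16_t *out_len) {
    if (in_len > UINT16_MAX / OUT_PER_IN)
        return false;
    *out_len = (uint16_t)(in_len * OUT_PER_IN);
    return true;
}

/* Formats src as "xx " triplets; returns NULL rather than under-allocating. */
char *format_hex(const uint8_t *src, size_t in_len, uint16_t *out_len) {
    static const char digits[] = "0123456789abcdef";
    if (!checked_len(in_len, out_len))
        return NULL;
    char *dst = malloc((size_t)*out_len + 1);
    if (dst == NULL)
        return NULL;
    for (size_t i = 0; i < in_len; i++) {
        dst[3 * i]     = digits[src[i] >> 4];
        dst[3 * i + 1] = digits[src[i] & 0x0f];
        dst[3 * i + 2] = ' ';
    }
    dst[*out_len] = '\0';
    return dst;
}

int main(void) {
    size_t in_len = 21846; /* constructed input length: 21846 * 3 = 65538 */
    uint16_t n = 0;
    printf("needed=%zu truncated=%u checked=%s\n", in_len * OUT_PER_IN,
           (unsigned)truncated_len(in_len),
           checked_len(in_len, &n) ? "ok" : "rejected");
    return 0;
}
```

With the constructed length, the truncated size is 2 bytes while the formatting loop would need 65538, which is the mismatch the checked version refuses to allocate for.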
*This article has been translated based on the content of the source article at https://www.phonandroid.com/windows-10-faille-de-securite-qui-ne-sera-pas-corrigee-avant-le-10-novembre-2020.html
The original news was published and is available at en24news. The editorial team at AlKhaleej Today has confirmed it; it has been modified, and it may have been completely transferred or quoted from that source.