dChan
Anonymous ID: b98dd5 Nov. 1, 2020, 1:50 a.m. No.11388179   🗄️.is 🔗kun   >>8211 >>8223 >>8230 >>8245 >>8326 >>8531 >>8743

Oct 30, 2020

 

On Twitter, Hawkes said the Windows zero-day (tracked as CVE-2020-17087) was used as part of a two-punch attack, together with another a Chrome zero-day (tracked as CVE-2020-15999) that his team disclosed last week.

 

The Chrome zero-day was used to allow attackers to run malicious code inside Chrome, while the Windows zero-day was the second part of this attack, allowing threat actors to escape Chrome's secure container and run code on the underlying operating system — in what security experts call a sandbox escape.

 

https://www.zdnet.com/article/google-discloses-windows-zero-day-exploited-in-the-wild/

Anonymous ID: b98dd5 Nov. 1, 2020, 1:56 a.m. No.11388230   🗄️.is 🔗kun   >>8245 >>8261 >>8326 >>8531 >>8743

>>11388179

not fixed yet. Still vulnerable. is this how stuff will "accidentally" get released?

 

Microsoft's Windows is the most popular and widely used operating system in the world. But it is also the most vulnerable among the lot. Despite recent improvements, Windows still has vulnerabilities that have often been exploited by hackers. The recent one has been exposed by Google's bug-hunting team named Project Zero.

 

Google's security experts have found a zero-day vulnerability in Windows Kernel Cryptography Driver (cng.sys) that is actively being targeted by hackers. Tracked as CVE-2020-17087, the vulnerability is present in Windows 7 and Windows 10 since the 1903 update that was released in October 2019.

 

https://www.ibtimes.sg/hackers-exploiting-major-zero-day-kernel-vulnerability-windows-7-10-says-google-52965