Published On: Nov 11, 2020 07:55
Advisory No: TZCERT/SA/2020/11/11
Date of First Release: 11th November 2020
Source: MICROSOFT
Software Affected: Windows Operating System
Overview:
Google has disclosed a zero-day vulnerability in the Microsoft Windows kernel that is being exploited together with a Google Chrome flaw (CVE-2020-15999).
Description:
This vulnerability is caused by a buffer overflow in the Windows Kernel Cryptography Driver (cng.sys). The flaw exists in the cng!CfgAdtpFormatPropertyBlock function and results from a 16-bit integer truncation.
Both the Chrome vulnerability (CVE-2020-15999) and the Windows kernel vulnerability (CVE-2020-17087) could allow an attacker to successfully break out of Google Chrome's sandbox for privilege escalation.
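The bug class named above (a required buffer size truncated to 16 bits) and the check that prevents it, as an added illustration. This is not code from cng.sys or from the original advisory; the function names, the 3-bytes-per-input expansion and the sample sizes are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed assumption: each input byte is rendered as "xx " (3 output bytes). */
#define OUT_PER_BYTE 3u

/* Flawed pattern: the required size is stored in a 16-bit value, so any
 * result above 0xFFFF silently wraps and the caller under-allocates. */
uint16_t truncated_size(size_t in_len) {
    return (uint16_t)(in_len * OUT_PER_BYTE);
}

/* Checked pattern: compute in size_t, reject multiplication overflow and
 * any result that does not fit the 16-bit length field. */
int checked_size(size_t in_len, uint16_t *out) {
    if (in_len > SIZE_MAX / OUT_PER_BYTE) return -1;
    size_t need = in_len * OUT_PER_BYTE;
    if (need > UINT16_MAX) return -1;
    *out = (uint16_t)need;
    return 0;
}

/* Hardened formatter: allocates only after the size check succeeds. */
char *format_hex(const uint8_t *in, size_t in_len, uint16_t *out_len) {
    static const char digits[] = "0123456789abcdef";
    if (in_len == 0 || checked_size(in_len, out_len) != 0) return NULL;
    char *buf = malloc(*out_len);
    if (buf == NULL) return NULL;
    for (size_t i = 0; i < in_len; i++) {
        buf[3 * i]     = digits[in[i] >> 4];
        buf[3 * i + 1] = digits[in[i] & 0x0F];
        buf[3 * i + 2] = ' ';
    }
    buf[*out_len - 1] = '\0';  /* replace the trailing space with a terminator */
    return buf;
}

int main(void) {
    size_t n = 0x5556;  /* 0x5556 * 3 = 0x10002, which wraps to 2 in 16 bits */
    uint16_t len = 0;
    printf("needed=%zu truncated=%u checked=%d\n",
           n * OUT_PER_BYTE, (unsigned)truncated_size(n), checked_size(n, &len));
    return 0;
}
```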
Impact:
Successful exploitation of the vulnerability could allow an adversary to execute code on the affected system.
Solution:
Microsoft has not yet released any patch for this issue; however, exploitation of the flaw has only been spotted in conjunction with the Chrome vulnerability. Users and administrators are recommended to upgrade Chrome for Windows to the available stable version.

| CVE | Fixed Version |
| --- | --- |
| CVE-2020-15999 | 86.0.4240.111 |