Google’s Project Zero discloses Windows 0day that’s been under active exploit

by
Dan Goodin
from Ars Technica - All content on (#59RAY)
malware-800x600.jpg

Enlarge (credit: Getty Images)

Google's project zero says that hackers have been actively exploiting a Windows zeroday that isn't likely to be patched until almost two weeks from now.

In keeping with long-standing policy, Google's vulnerability research group gave Microsoft a seven-day deadline to fix the security flaw because it's under active exploit. Normally, Project Zero discloses vulnerabilities after 90 days or when a patch becomes available, whichever comes first.

CVE-2020-117087, as the vulnerability is tracked, allows attackers to escalate system privileges. Attackers were combining an exploit for it with a separate one targeting a recently fixed flaw in Chrome. The former allowed the latter to escape a security sandbox so the latter could execute code on vulnerable machines.

Read 9 remaining paragraphs | Comments

index?i=A4f_qSOMC-w:7SgfKs0YoHE:V_sGLiPB index?i=A4f_qSOMC-w:7SgfKs0YoHE:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments