Google Project Zero discovered a 0-day vulnerability in the Windows kernel

Google Project Zero has discovered a 0-day vulnerability in the Windows kernel (CVE-2020-17087). It has been reported that this bug could be exploited by an attacker with local access to escalate privileges and escape the sandbox. What is worse, it is already being used in targeted attacks.

The vulnerability is related to the operation of the Windows Kernel Cryptography Driver (cng.sys), more specifically the cng!CfgAdtpFormatPropertyBlock function, and belongs to the category of buffer overflow bugs (pool-based buffer overflow).

We have identified a vulnerability in the processing of IOCTL 0x390400, reachable through the following series of calls: The integer overflow occurs in line 2, and if SourceLength is equal to or greater than 0x2AAB, an inadequately small buffer is allocated from the NonPagedPool in line 3. It is subsequently overflown by the binary-to-hex conversion loop in lines 5-10 by a multiple of 65536 bytes.describe the problems experts from Google Project Zero.

Researchers have published not only a written report on the vulnerability, but also a PoC exploit for it, the use of which can lead to the failure of vulnerable Windows devices, even if they are running the system with default settings.

The PoC exploit has been tested on the latest version of Windows 10 1903, but the researchers write that the vulnerability is present in other versions of the OS, starting at least with Windows 7.

Although the vulnerability was found only 8 days ago, experts decided quickly disclose the details of the problem, since hackers are already using it. Researchers have not disclosed details about these attacks, but according to the head of Google Project Zero, Ben Hawkes, the operation of CVE-2020-17087 has nothing to do with the US presidential election.

There is no patch for the vulnerability yet, and Hawkes reports that the release of the fix is expected only on the next “Patch Tuesday”, that is, November 10, 2020.

In addition to last week’s Chrome/freetype 0day (CVE-2020-15999), Project Zero also detected and reported the Windows kernel bug (CVE-2020-17087) that was used for a sandbox escape. Currently we expect a patch for this issue to be available on November 10. We have confirmed with the Director of Google’s Threat Analysis Group, Shane Huntley (@ShaneHuntley), that this is targeted exploitation and this is not related to any US election related targeting.posted by Ben Hawkes on Twitter.

Let me remind you that recently Google Project Zero specialists discovered and described many vulnerabilities in Apple’s operating systems.

By Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.

Leave a comment

Your email address will not be published. Required fields are marked *