Microsoft fixes Windows zero-day disclosed by Google last month

silversurfer

Microsoft today fixed a Windows kernel zero-day vulnerability exploited in the wild as part of targeted attacks and publicly disclosed last month by Project Zero, Google's 0day bug-hunting team.

According to Project Zero researchers Mateusz Jurczyk and Sergei Glazunov, who discovered it, the security flaw, currently tracked as CVE-2020-17087, is a pool-based buffer overflow found in the Windows Kernel Cryptography Driver (cng.sys).

"The bug resides in the cng!CfgAdtpFormatPropertyBlock function and is caused by a 16-bit integer truncation issue," the researchers explained.

Microsoft tagged the bug with a CVSS:3.0 severity rating of 7.8/10, saying that it can be exploited by local attackers with low privileges for privilege escalation (including sandbox escape) in low-complexity attacks not requiring user interaction.

CVE-2020-17087 affects desktop systems running Windows 7 or later and servers running Windows Server 2008 and higher.

Security updates for all impacted Windows platforms are available on Microsoft's MSRC (Microsoft Security Response Center) portal.
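The truncation pattern named in the post, as an added example that is not part of the original article, of Microsoft's driver, or of Project Zero's proof of concept: a constructed C model in which a length computed in 32 bits is stored in a 16-bit variable, the truncated value sizes the pool-style allocation, and the untruncated length drives the copy, shown beside the hardened form that rejects the length before anything is allocated. The eight-byte header, the field layout and every function name are assumptions for illustration; the vulnerable path only reports the size mismatch and never performs the out-of-bounds write.

```c
/*
 * Added illustration (not cng.sys code, not the Project Zero PoC) of the bug
 * class the post names: a length computed in 32 bits is stored in a 16-bit
 * variable, the truncated value sizes the allocation, and the original value
 * drives the copy. Header size, layout and names are assumptions.
 * The vulnerable path only computes the mismatch; it never performs the
 * out-of-bounds write, so the program is safe to run.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BLOCK_HEADER_SIZE 8u  /* assumed fixed header preceding the payload */

typedef struct {
    uint32_t alloc_size;  /* bytes requested from the allocator */
    uint32_t copy_size;   /* payload bytes the copy would write after the header */
    int      overflows;   /* 1 when header + copy_size exceeds alloc_size */
} block_sizes_t;

/* Vulnerable shape: the total lands in a uint16_t, so any payload of
 * 0xFFF8 bytes or more wraps and the allocation can be far smaller
 * than the copy that follows. */
block_sizes_t vuln_block_sizes(uint32_t payload_len)
{
    block_sizes_t r;
    uint16_t total = (uint16_t)(BLOCK_HEADER_SIZE + payload_len);  /* truncation */
    r.alloc_size = total;
    r.copy_size  = payload_len;  /* untruncated length still used for the copy */
    r.overflows  = ((uint64_t)payload_len + BLOCK_HEADER_SIZE > r.alloc_size);
    return r;
}

/* Hardened shape: validate before the arithmetic feeds the allocator, and
 * keep the size in a type wide enough to hold it. Returns -1 on rejection. */
int safe_block_sizes(uint32_t payload_len, block_sizes_t *out)
{
    if (payload_len > UINT16_MAX - BLOCK_HEADER_SIZE)
        return -1;  /* would not fit the 16-bit length field: reject */
    out->alloc_size = BLOCK_HEADER_SIZE + payload_len;
    out->copy_size  = payload_len;
    out->overflows  = 0;
    return 0;
}

/* Allocation size the hardened path would request, 0 if it rejects. */
uint32_t safe_alloc_size_or_zero(uint32_t payload_len)
{
    block_sizes_t s;
    return safe_block_sizes(payload_len, &s) == 0 ? s.alloc_size : 0;
}

/* Build a block on the hardened path: check, allocate, then copy.
 * Assumed header: 16-bit little-endian payload length, remaining bytes zero.
 * Returns NULL on rejection or allocation failure; caller frees. */
uint8_t *safe_build_block(const uint8_t *payload, uint32_t payload_len,
                          uint32_t *out_size)
{
    block_sizes_t s;
    if (safe_block_sizes(payload_len, &s) != 0)
        return NULL;
    uint8_t *block = calloc(1, s.alloc_size);
    if (block == NULL)
        return NULL;
    block[0] = (uint8_t)(payload_len & 0xffu);
    block[1] = (uint8_t)((payload_len >> 8) & 0xffu);
    memcpy(block + BLOCK_HEADER_SIZE, payload, payload_len);
    *out_size = s.alloc_size;
    return block;
}

/* Self-check: a small constructed payload round-trips, an oversized length
 * is refused before any allocation. Returns 1 on success, 0 otherwise. */
int demo_safe_build(void)
{
    const uint8_t payload[4] = { 1, 2, 3, 4 };  /* constructed sample input */
    uint32_t size = 0;
    uint8_t *b = safe_build_block(payload, (uint32_t)sizeof payload, &size);
    int ok = b != NULL && size == BLOCK_HEADER_SIZE + 4 &&
             b[0] == 4 && b[1] == 0 && b[8] == 1 && b[11] == 4;
    free(b);
    ok = ok && safe_build_block(payload, 0x10000u, &size) == NULL;
    return ok;
}

int main(void)
{
    /* Constructed inputs: one ordinary length, one just past the 16-bit limit. */
    const uint32_t lens[] = { 100u, 0x10000u };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        block_sizes_t v = vuln_block_sizes(lens[i]);
        printf("payload=%u vuln alloc=%u copy=%u overflow=%d | safe alloc=%u\n",
               (unsigned)lens[i], (unsigned)v.alloc_size, (unsigned)v.copy_size,
               v.overflows, (unsigned)safe_alloc_size_or_zero(lens[i]));
    }
    return demo_safe_build() ? 0 : 1;
}
```

Compile with any C99 compiler and run: the 0x10000-byte payload gets an 8-byte allocation on the vulnerable path and is refused outright on the hardened one. The point to carry away is that when a kernel component derives allocation sizes from caller-controlled lengths, the range check has to happen before the value is narrowed, not after.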
 

Gandalf_The_Grey

After the reboot today I got this popup about a block from Defender's Anti-Ransomware:
MoUsoCoreWorker.exe

This is related to Windows Update, and I really wonder why this needs to be allowed / is blocked, or at least reported.

Gandalf_The_Grey

@Andy Ful
It was detected and blocked by Controlled Folder Access. I have whitelisted this item.

Andy Ful

CFA did not block MoUsoCoreWorker.exe, but only blocked the attempt by this process to access the disk.
This can probably be ignored; if such a block could cause issues, it would be noticed by Microsoft.
Anyway, until we understand well what happened, it is better to add an exclusion in CFA. :)
 
