Last month, security researchers at Google’s Project Zero released details of a zero-day vulnerability in Windows that was being actively exploited.
Hacklers were taking advantage of a Windows Kernel Cryptography Driver security flaw (CVE-2020-117087) to gain elevated privileges in Windows 7, 8, and 10, as well as Windows Server 2008 and higher. As part of yesterday’s Patch Tuesday release, Microsoft has now issued a fix for the vulnerability.Known as the “Windows Kernel Local Elevation of Privilege Vulnerability”, CVE-2020-17087 was revealed to Microsoft back on October 22. Ordinarily, Project Zero would implement a 90-day grace period before going public with details of a vulnerability, but reduced this to just seven days due to the fact it was in the wild.
