A new bug has been found in Windows 10, threatening to take control of a computer as an admin
A new bug has been found in Windows Ten, threatening to take control of a computer as an admin
Microsoft has confirmed that a 'Zero Day' security vulnerability that is not patched on the Windows operating system is being affected from Windows 7 to Windows 10.
Microsoft's Project Zero team was the first to inform Microsoft about the vulnerability. The Dedicated Group of Leading Vulnerability Hunters discovered the Zero Day Security Bug.
The team warned that hackers were targeting Vulnerability, giving Microsoft seven days to fix the bug or exposing it.
According to Forbes, Google has revealed the Zero-Day Vulnerability after Microsoft failed to provide security patches during the period. Which is tracked as CVE-2020-17087.
The bug is located inside the Windows Kernel cryptography driver, called CNG.sys. This gives hackers as much power as accessing a Windows machine.
Its full technical details can be found in Google Project Zero Disclosure. But in general, it is a memory buffer overflow problem, which gives the hacker admin-level control over the compromised device.
Microsoft has confirmed the report of the attack. However, he said that so far this type of attack has not spread widely.
But to successfully hack the system in this attack, two types of vulnerabilities must be chained to each other.
One of them is browser-based Vulnerability CVE-2020-15999 which has already been fixed in both Chrome and Microsoft Edge.
Both were updated on October 20 and October 22, respectively. As long as your browser stays up to date, you'll be safe.
Microsoft has also stated that vulnerabilities cannot be exploited in a way that affects cryptographic functionality.
https://bugs.chromium.org/p/project-zero/issues/detail?id=2104
https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html
https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV200002
Comments
Post a Comment