Bleeping Computer
Project Zero, Google’s 0day bug-hunting team, today disclosed a zero-day elevation of privileges (EoP) vulnerability found in the Windows kernel and actively exploited in targeted attacks.
The flaw is a pool-based buffer overflow that exists in the Windows Kernel Cryptography Driver (cng.sys) and it is currently tracked as CVE-2020-17087.