Windows kernel zero-day vulnerability used in targeted attacks

Bleeping Computer

Project Zero, Google’s 0day bug-hunting team, today disclosed a zero-day elevation of privileges (EoP) vulnerability found in the Windows kernel and actively exploited in targeted attacks.

The flaw is a pool-based buffer overflow that exists in the Windows Kernel Cryptography Driver (cng.sys) and it is currently tracked as CVE-2020-17087.

Full article