Google shares details of a Windows Kernel Cryptography Driver security flaw that's being exploited by hackers
Google has shared details of a bug in the Windows Kernel Cryptography Driver (cng.sys) which is currently being exploited in the wild by hackers.
The Project Zero team had already privately shared details of the security flaw with Microsoft a little over a week ago, but now that it is being actively exploited, the company has gone public. The zero-day flaw is being tracked as CVE-2020-117087, and it is not likely to be addressed by Microsoft for a couple of weeks.
A post on the Project Zero page explains: "The Windows Kernel Cryptography Driver (cng.sys) exposes a \Device\CNG device to user-mode programs and supports a variety of IOCTLs with non-trivial input structures. It constitutes a locally accessible attack surface that can be exploited for privilege escalation (such as sandbox escape)".
The Project Zero team made Microsoft aware of the security flaw back on October 22, but now it says: "We have evidence that the following bug is being used in the wild. Therefore, this bug is subject to a 7 day disclosure deadline".
Ben Hawkes from Project Zero took to Twitter to say:
In a statement, Microsoft responded to the disclosure by saying:
Microsoft has a customer commitment to investigate reported security issues and update impacted devices to protect customers. While we work to meet all researchers' deadlines for disclosures, including short-term deadlines like in this scenario, developing a security update is a balance between timeliness and quality, and our ultimate goal is to help ensure maximum customer protection with minimal customer disruption.