Google, a Windows Kernel cryptography driver (sng.sys) shared details about the bug found in the file. It was also abused by open hackers.
Technology companies are constantly developing new products, as well as trying to make their existing products more advanced. For this purpose, many security and development efforts continue non-stop.
Google’s Project Zero team, which focuses on finding vulnerabilities, revealed last week that there was a problem with a Windows Kernel. This was also reported to the Microsoft team. After the vulnerability was used by hackers, Google shared the information with the public.
This kernel problem, a zero-day vulnerability, is also being used by hackers. CVE-2020-117087, followed by the name of the open, does not seem to be fixed by Microsoft anytime soon.
According to the description on the Project Zero page, the Windows Kernel cryptography driver (cng.sys), creating a device / CNG vulnerability. This can also be used by programs in user mode and can provide control of various input and output data. This, in turn, creates a locally accessible attack area.
The Project Zero team actually reported this problem to Microsoft on October 22. Under Normal circumstances, the team gives developers 90 days to fix a deficit. The reason this deficit was announced in a short time was that it was already being exploited by malicious people.
Ben Hawkes of the Project Zero team shared details of this disclosure on Twitter, and said they had also notified Google. He also said he expected the deficit to be fixed with a patch to be released on November 10.
A statement on the matter also came from Microsoft. The firm’s statement said the safety issue would be examined. The researchers said they wanted to keep up with the deadlines, but the update required a time-quality balance. Microsoft has stated its ultimate goal as the highest level of customer protection and minimum user inconvenience.