Google은 현재 야생에서 악용되고있는 Windows의 제로 데이 취약점을 공개합니다.

newsroom 11/1 '20 posted 뉴스 IT

• Microsoft 대변인은 또한 보고된 공격이 "매우 제한적이며 본질적으로 표적이되었으며 광범위한 사용을 나타내는 증거를 보지 못했습니다."라고 덧붙였습니다.

• 버그가 활발하게 악용되고 있었기 때문에 검색 대기업의 팀은 오늘 공개적으로 버그를 공개하기 전에 Microsoft에 7 일 동안 버그를 패치할 수있는 시간을 제공했습니다.

• 또한 Google의 위협 분석 그룹 지시인 Shane Huntly는 이 익스플로잇이 다가오는 미국 선거에 대한 국가 지원 공격과 관련이 없음을 확인했습니다.

• 이 결함은 Windows 7까지 거슬러 올라가는 Windows 버전과 Windows 10의 완전히 패치된 모든 버전에 영향을 미치는 것으로 여겨집니다.

• Google의 보안 연구원은 Windows 운영 체제의 제로 데이 취약점을 공개했으며, 현재 CVE-2020-17087로 추적되고 있으며, 현재 활발하게 악용되고 있습니다.

• Google 연구원들은 이 제로 데이 결함에 대한 패치가 11 월 10 일에 제공될 것으로 예상합니다. Google의 위협 분석 그룹 이사인 Shane Huntley (@ShaneHuntley)는 이 취약점이 향후 미국 선거와 관련이 없는 표적 공격에 악용되었음을 확인했습니다..

• 이 결함은 Windows Kernel Cryptography Driver (cng.dll)에 존재하는 풀 기반 버퍼 오버플로입니다.

Google reveals a new Windows zero-day bug it says is under active attack [techcrunch.com]

Google discloses a zero-day vulnerability in Windows, currently exploited in the wild [www.neowin.net]

Google reveals details of unpatched Zero day bug in Windows 10 [mspoweruser.com]

2104 - project-zero - Project Zero - Monorail [bugs.chromium.org]

Windows kernel zero-day disclosed by Google's Project Zero after bug exploited in the wild by hackers [www.theregister.com]

[www.neowin.net]

Google shares details of a Windows Kernel Cryptography Driver security flaw that's being exploited by hackers [betanews.com]

Google discloses unpatched Windows zero-day exploited in the wild [securityaffairs.co]

Just a moment... [www.bleepingcomputer.com]

Google’s Project Zero discloses Windows 0day that’s been under active exploit [arstechnica.com]

CISA, Microsoft Warn of Continued Attacks on Zerologon Bug [duo.com]

Microsoft warns hackers are still abusing Windows Zerologon bug [www.techradar.com]

newest replies popular replies

Open Wiki - Feel free to edit it. -

11/1 '20 answered

I'm trying to think through this one, and the only mitigation I can think of is API hooking and then filtering on specific parameter values, which the general public is not equipped to do.https://t.co/sLYTLLr0Fu
— Lee Holmes (@Lee_Holmes) October 30, 2020

And on a Friday afternoon no less. https://t.co/L7xVFEhBVQ
— Zack Whittaker (@zackwhittaker) October 30, 2020

Google Project Zero: "We have evidence that the following bug is being used in the wild..."

Unpatched Windows EoP 0day https://t.co/9vOfwa8cww
— Ryan Naraine (@ryanaraine) October 30, 2020

Windows has many of the very best systems programmers in the world working on it, and it still ends up shipping buffer overflows in crypto libraries. I'm not some sort of RIIR fanatic, but please do consider writing new systems software in Rust at least.https://t.co/Zl6a5P5pLV
— rain ? (@sunshowers6) October 30, 2020

Google has dropped details of CVE-2020-17087, a previously undisclosed vulnerability in Windows 7 and Windows 10, which attackers are actively exploiting https://t.co/9Rf09HhXdW
— Paolo Passeri (@paulsparrows) October 31, 2020

脆弱性のfixが出ても、実際に広く適用されるまで時間が掛かる。しばらくはリスクに晒されるままだね。

Google reveals a new Windows zero-day bug it says is under active attack https://t.co/Gn0CaA5bsU
— リチャード@MobileIron (@Richard2jp) October 31, 2020

Incredible side-eye from Microsoft after Google dropped a Windows zero-day this afternoon. https://t.co/sm2X43ECDU https://t.co/xNyTq7e1oF pic.twitter.com/tcrCVDBQhL
— Zack Whittaker (@zackwhittaker) October 30, 2020

Windows Kernel cng.sys pool-based buffer overflow in IOCTL 0x390400 https://t.co/PcLC30o7Tv
— Project Zero Bugs (@ProjectZeroBugs) October 30, 2020

In addition to last week's Chrome/freetype 0day (CVE-2020-15999), Project Zero also detected and reported the Windows kernel bug (CVE-2020-17087) that was used for a sandbox escape. The technical details of CVE-2020-17087 are now available here: https://t.co/bO451188Mk
— Ben Hawkes (@benhawkes) October 30, 2020

Per Google, Microsoft is expected to patch this in the Nov 2020 Patch Tuesday: https://t.co/4Prvm3xtu2

POC and technical deets are here: https://t.co/6Ut5wf8gIh
— Catalin Cimpanu (@campuscodi) October 30, 2020

Google discloses unpatched Windows zero-day exploited in the wild https://t.co/ZOKIJ0EsRV
GoogleのProject Zeroが、未パッチのWindows脆弱性とPoCを公開。CNGのBOFで、バッファサイズを格納する16bit整数の桁あふれが原因。権限昇格に使用可能。既に攻撃が確認されている。パッチは11/10予定。
— kokumօtօ (@__kokumoto) October 31, 2020

Google discloses unpatched Windows zero-day exploited in the wild https://t.co/Mv7QsN5YP3
— D5 (@FiveGmbh) October 30, 2020

Windows kernel zero-day vulnerability used in targeted attacks https://t.co/1cKrms5MZ4
— Nicolas Krassas (@Dinosn) October 30, 2020

Windows kernel zero-day vulnerability used in targeted attacks https://t.co/nOwJqOqGAL
— piyokango (@piyokango) October 30, 2020

Windows kernel zero-day vulnerability used in targeted attacks https://t.co/gg69Cb7w3o
— Hiroki Takakura (@hiroki_takakura) October 30, 2020

Google’s Project Zero discloses Windows 0day that’s been under active exploit | Ars Technica https://t.co/BoCGitVv6q

악용 가능한 윈도와 크롬 브라우저 보안 취약점 공개한 구글 프로젝트 제로 팀 - techG https://t.co/UI8MC91Jj6
— lunamoth (@lunamoth) October 31, 2020

Google’s Project Zero discloses Windows 0day that’s been under active exploit – Microsoft Vulnerability Research (MSVR) group VS Project Zero team https://t.co/E99VJFuvZS
— Lavy Shtokhamer (@LavyShtokhamer) October 31, 2020

Google’s Project Zero discloses Windows 0day that’s been under active exploit https://t.co/6bTCuL2gkl
— Patrick C Miller (@PatrickCMiller) October 31, 2020

구글 프로젝트 제로GPZ가 활발히 공략되고 있는 윈도 0day를 7일만에 공개. 암호학 기능을 처리하는 곳의 버퍼 오버플로우로 코드 실행이 가능. 최소 윈도7, 10 해당. 한편 GPZ는 크롬 등의 FreeType 취약점도 발견해 고쳐졌으나 이 윈도 취약점은 아직 패치안됨.https://t.co/fcGAzc9lcm
— 라루얀 / 말썽쟁이 구운 경단 ? (@LaruYan) October 30, 2020

Google’s Project Zero discloses Windows 0day that’s been under active exploit
By @arstechnica https://t.co/mUKEwnuno8 #CyberSecurity #CyberAttack #Google #infosec #Tech
Cc: @techpearce2 @techpearce @CioAmaro @archonsec @gvalan @RagusoSergio @AshokNellikar @ShiCooks @Victoryabro pic.twitter.com/ZzkxKLMXpZ
— Fabrizio Bustamante (@Fabriziobustama) October 31, 2020

permanent link

Open Wiki - Feel free to edit it. -

11/1 '20 answered

Google reveals a new Windows zero-day bug it says is under active attackhttps://t.co/719fJ0Bdmu

#cybersecurity #windows #windows10 #computersecurity #computermalware https://t.co/fFPgNGAQXP
— NUSK IT Consultancy LTD (@nuskitconsultan) October 31, 2020

I'm trying to think through this one, and the only mitigation I can think of is API hooking and then filtering on specific parameter values, which the general public is not equipped to do.https://t.co/sLYTLLr0Fu
— Lee Holmes (@Lee_Holmes) October 30, 2020

Windows kernel zero-day disclosed by Google's Project Zero after bug exploited in the wild by hackers https://t.co/8RQPsAoMeP pic.twitter.com/Z8r8TkqHPY
— Mohamed A. Basset (@SymbianSyMoh) October 30, 2020

CVE-2020-17087がChromeゼロディと連携してしまう可能性がある様です。Google研究者は11/10にゼロディのパッチが出ると予想している様です。#セキュリティ #ゼロディ #脆弱性

「Googleは、パッチが適用されていないWindowsのゼロデイ攻撃を公開しています」https://t.co/tOF9J9G0eh
— キタきつね (@foxbook) October 31, 2020

The Project Zero team yesterday disclosed a Windows kernel 0day bug currently under active exploitation. The bug is tracked as CVE-2020-17087#projectzero #windows #0day https://t.co/RpHX9cr9Ee
— SecurityTrails (@securitytrails) October 31, 2020

#Windows kernel zero-day #vulnerability used in targeted attacks https://t.co/fOV0CZfbiT pic.twitter.com/Y1sOaghssm
— TEAM CYMRU (@teamcymru) November 1, 2020

Windows kernel zero-day vulnerability used in targeted attacks https://t.co/aTSd9LYCuH
— Harjit Dhaliwal [MVP] (@Hoorge) October 31, 2020

My personal view, giving a 7 day deadline is not helpful, and not a responsible way of disclosing publicly. https://t.co/3xAK8m4v9N
— Sean Wright (#BeerCon2 ?) (@SeanWrightSec) October 31, 2020

permanent link

Reply with curations

Related

Featured