.png "back to home page")
I'm trying to think through this one, and the only mitigation I can think of is API hooking and then filtering on specific parameter values, which the general public is not equipped to do.https://t.co/sLYTLLr0Fu
— Lee Holmes (@Lee_Holmes) October 30, 2020
And on a Friday afternoon no less. https://t.co/L7xVFEhBVQ
— Zack Whittaker (@zackwhittaker) October 30, 2020
Google Project Zero: "We have evidence that the following bug is being used in the wild..."
— Ryan Naraine (@ryanaraine) October 30, 2020
Unpatched Windows EoP 0day https://t.co/9vOfwa8cww
Windows has many of the very best systems programmers in the world working on it, and it still ends up shipping buffer overflows in crypto libraries. I'm not some sort of RIIR fanatic, but please do consider writing new systems software in Rust at least.https://t.co/Zl6a5P5pLV
— rain ? (@sunshowers6) October 30, 2020
Google has dropped details of CVE-2020-17087, a previously undisclosed vulnerability in Windows 7 and Windows 10, which attackers are actively exploiting https://t.co/9Rf09HhXdW
— Paolo Passeri (@paulsparrows) October 31, 2020
脆弱性のfixが出ても、実際に広く適用されるまで時間が掛かる。しばらくはリスクに晒されるままだね。
— リチャード@MobileIron (@Richard2jp) October 31, 2020
Google reveals a new Windows zero-day bug it says is under active attack https://t.co/Gn0CaA5bsU
Incredible side-eye from Microsoft after Google dropped a Windows zero-day this afternoon. https://t.co/sm2X43ECDU https://t.co/xNyTq7e1oF pic.twitter.com/tcrCVDBQhL
— Zack Whittaker (@zackwhittaker) October 30, 2020
Windows Kernel cng.sys pool-based buffer overflow in IOCTL 0x390400 https://t.co/PcLC30o7Tv
— Project Zero Bugs (@ProjectZeroBugs) October 30, 2020
In addition to last week's Chrome/freetype 0day (CVE-2020-15999), Project Zero also detected and reported the Windows kernel bug (CVE-2020-17087) that was used for a sandbox escape. The technical details of CVE-2020-17087 are now available here: https://t.co/bO451188Mk
— Ben Hawkes (@benhawkes) October 30, 2020
Per Google, Microsoft is expected to patch this in the Nov 2020 Patch Tuesday: https://t.co/4Prvm3xtu2
— Catalin Cimpanu (@campuscodi) October 30, 2020
POC and technical deets are here: https://t.co/6Ut5wf8gIh
Google discloses unpatched Windows zero-day exploited in the wild https://t.co/ZOKIJ0EsRV
— kokumօtօ (@__kokumoto) October 31, 2020
GoogleのProject Zeroが、未パッチのWindows脆弱性とPoCを公開。CNGのBOFで、バッファサイズを格納する16bit整数の桁あふれが原因。権限昇格に使用可能。既に攻撃が確認されている。パッチは11/10予定。
Google discloses unpatched Windows zero-day exploited in the wild https://t.co/Mv7QsN5YP3
— D5 (@FiveGmbh) October 30, 2020
Windows kernel zero-day vulnerability used in targeted attacks https://t.co/1cKrms5MZ4
— Nicolas Krassas (@Dinosn) October 30, 2020
Windows kernel zero-day vulnerability used in targeted attacks https://t.co/nOwJqOqGAL
— piyokango (@piyokango) October 30, 2020
Windows kernel zero-day vulnerability used in targeted attacks https://t.co/gg69Cb7w3o
— Hiroki Takakura (@hiroki_takakura) October 30, 2020
Google’s Project Zero discloses Windows 0day that’s been under active exploit | Ars Technica https://t.co/BoCGitVv6q
— lunamoth (@lunamoth) October 31, 2020
악용 가능한 윈도와 크롬 브라우저 보안 취약점 공개한 구글 프로젝트 제로 팀 - techG https://t.co/UI8MC91Jj6
Google’s Project Zero discloses Windows 0day that’s been under active exploit – Microsoft Vulnerability Research (MSVR) group VS Project Zero team https://t.co/E99VJFuvZS
— Lavy Shtokhamer (@LavyShtokhamer) October 31, 2020
Google’s Project Zero discloses Windows 0day that’s been under active exploit https://t.co/6bTCuL2gkl
— Patrick C Miller (@PatrickCMiller) October 31, 2020
구글 프로젝트 제로GPZ가 활발히 공략되고 있는 윈도 0day를 7일만에 공개. 암호학 기능을 처리하는 곳의 버퍼 오버플로우로 코드 실행이 가능. 최소 윈도7, 10 해당. 한편 GPZ는 크롬 등의 FreeType 취약점도 발견해 고쳐졌으나 이 윈도 취약점은 아직 패치안됨.https://t.co/fcGAzc9lcm
— 라루얀 / 말썽쟁이 구운 경단 ? (@LaruYan) October 30, 2020
Google’s Project Zero discloses Windows 0day that’s been under active exploit
— Fabrizio Bustamante (@Fabriziobustama) October 31, 2020
By @arstechnica https://t.co/mUKEwnuno8#CyberSecurity #CyberAttack #Google #infosec #Tech
Cc: @techpearce2 @techpearce @CioAmaro @archonsec @gvalan @RagusoSergio @AshokNellikar @ShiCooks @Victoryabro pic.twitter.com/ZzkxKLMXpZ
Google reveals a new Windows zero-day bug it says is under active attackhttps://t.co/719fJ0Bdmu
— NUSK IT Consultancy LTD (@nuskitconsultan) October 31, 2020
#cybersecurity #windows #windows10 #computersecurity #computermalware https://t.co/fFPgNGAQXP
I'm trying to think through this one, and the only mitigation I can think of is API hooking and then filtering on specific parameter values, which the general public is not equipped to do.https://t.co/sLYTLLr0Fu
— Lee Holmes (@Lee_Holmes) October 30, 2020
Windows kernel zero-day disclosed by Google's Project Zero after bug exploited in the wild by hackers https://t.co/8RQPsAoMeP pic.twitter.com/Z8r8TkqHPY
— Mohamed A. Basset (@SymbianSyMoh) October 30, 2020
CVE-2020-17087がChromeゼロディと連携してしまう可能性がある様です。Google研究者は11/10にゼロディのパッチが出ると予想している様です。#セキュリティ #ゼロディ #脆弱性
— キタきつね (@foxbook) October 31, 2020
「Googleは、パッチが適用されていないWindowsのゼロデイ攻撃を公開しています」https://t.co/tOF9J9G0eh
The Project Zero team yesterday disclosed a Windows kernel 0day bug currently under active exploitation. The bug is tracked as CVE-2020-17087#projectzero #windows #0dayhttps://t.co/RpHX9cr9Ee
— SecurityTrails (@securitytrails) October 31, 2020
#Windows kernel zero-day #vulnerability used in targeted attacks https://t.co/fOV0CZfbiT pic.twitter.com/Y1sOaghssm
— TEAM CYMRU (@teamcymru) November 1, 2020
Windows kernel zero-day vulnerability used in targeted attacks https://t.co/aTSd9LYCuH
— Harjit Dhaliwal [MVP] (@Hoorge) October 31, 2020
My personal view, giving a 7 day deadline is not helpful, and not a responsible way of disclosing publicly. https://t.co/3xAK8m4v9N
— Sean Wright (#BeerCon2 ?) (@SeanWrightSec) October 31, 2020